Commit 072ae631 authored by Pravin B Shelar's avatar Pravin B Shelar Committed by Jesse Gross

openvswitch: Validation of IPv6 set port action uses IPv4 header

When the kernel validates set TCP/UDP port actions, it looks at
the ports in the existing flow to make sure that the L4 header exists.
However, these actions always use the IPv4 version of the struct.
Following patch fixes this by checking for flow ip protocol first.
Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
parent 4cb6e116
...@@ -421,6 +421,19 @@ static int validate_sample(const struct nlattr *attr, ...@@ -421,6 +421,19 @@ static int validate_sample(const struct nlattr *attr,
return validate_actions(actions, key, depth + 1); return validate_actions(actions, key, depth + 1);
} }
static int validate_tp_port(const struct sw_flow_key *flow_key)
{
if (flow_key->eth.type == htons(ETH_P_IP)) {
if (flow_key->ipv4.tp.src && flow_key->ipv4.tp.dst)
return 0;
} else if (flow_key->eth.type == htons(ETH_P_IPV6)) {
if (flow_key->ipv6.tp.src && flow_key->ipv6.tp.dst)
return 0;
}
return -EINVAL;
}
static int validate_set(const struct nlattr *a, static int validate_set(const struct nlattr *a,
const struct sw_flow_key *flow_key) const struct sw_flow_key *flow_key)
{ {
...@@ -462,18 +475,13 @@ static int validate_set(const struct nlattr *a, ...@@ -462,18 +475,13 @@ static int validate_set(const struct nlattr *a,
if (flow_key->ip.proto != IPPROTO_TCP) if (flow_key->ip.proto != IPPROTO_TCP)
return -EINVAL; return -EINVAL;
if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst) return validate_tp_port(flow_key);
return -EINVAL;
break;
case OVS_KEY_ATTR_UDP: case OVS_KEY_ATTR_UDP:
if (flow_key->ip.proto != IPPROTO_UDP) if (flow_key->ip.proto != IPPROTO_UDP)
return -EINVAL; return -EINVAL;
if (!flow_key->ipv4.tp.src || !flow_key->ipv4.tp.dst) return validate_tp_port(flow_key);
return -EINVAL;
break;
default: default:
return -EINVAL; return -EINVAL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment