diff options
| author | Justin Pettit <jpettit@nicira.com> | 2012-12-13 16:22:55 -0800 |
|---|---|---|
| committer | Justin Pettit <jpettit@nicira.com> | 2012-12-13 16:39:10 -0800 |
| commit | d3141c107ca88d306687cd4d7e7ea90142e3a70a (patch) | |
| tree | c6906f972f2c88defe51fe6e43a36406b796b41b | |
| parent | 6ed32382fd9807deb5b090cf4a2c187c1c63b937 (diff) | |
| download | openvswitch-d3141c107ca88d306687cd4d7e7ea90142e3a70a.tar.gz | |
meta-flow: Don't allow negative port numbers.
If a negative number is supplied, the parsing code used to convert it
into a signed one. We ran into an incident where a third-party script
was attempting to get the OpenFlow port number for an interface, but got
-1 from the database, since the number had not yet been assigned. This
was converted to 65535, which maps to OFPP_NONE and all flows with
ingress port OFPP_NONE were modified. This commit disallows negative
port numbers to help prevent broken integration scripts from disturbing
the flow table.
Issue #14036
Signed-off-by: Justin Pettit <jpettit@nicira.com>
| -rw-r--r-- | lib/meta-flow.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/meta-flow.c b/lib/meta-flow.c index 8b60b35f1..de11bdf7b 100644 --- a/lib/meta-flow.c +++ b/lib/meta-flow.c @@ -2082,7 +2082,10 @@ mf_from_ofp_port_string(const struct mf_field *mf, const char *s, uint16_t port; assert(mf->n_bytes == sizeof(ovs_be16)); - if (ofputil_port_from_string(s, &port)) { + if (*s == '-') { + return xasprintf("%s: negative values not supported for %s", + s, mf->name); + } else if (ofputil_port_from_string(s, &port)) { *valuep = htons(port); *maskp = htons(UINT16_MAX); return NULL; |