diff options
author | Anand Kumar <kumaranand@vmware.com> | 2017-06-09 19:54:45 -0700 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2017-07-10 11:14:55 -0700 |
commit | b34cd6119aa1ce50d910252202e5eaa13b5fce5e (patch) | |
tree | ed06dafb654091201a809284b306f3dfa31f23f1 /datapath-windows/ovsext/Actions.c | |
parent | ef666482cb8ab034a2aec3cec6ae07bd7b62136b (diff) | |
download | openvswitch-b34cd6119aa1ce50d910252202e5eaa13b5fce5e.tar.gz |
datapath-windows: Add validations in fragmentation module
- Minimum valid fragment size is 400 bytes, any fragment smaller
is likely to be intentionally crafted (CVE-2000-0305).
- Validate maximum length of an Ip datagram
- Added counters to keep track of number of fragments for a given
Ip datagram.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Diffstat (limited to 'datapath-windows/ovsext/Actions.c')
-rw-r--r-- | datapath-windows/ovsext/Actions.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/datapath-windows/ovsext/Actions.c b/datapath-windows/ovsext/Actions.c index 3ea066b85..ebe8264aa 100644 --- a/datapath-windows/ovsext/Actions.c +++ b/datapath-windows/ovsext/Actions.c @@ -2181,7 +2181,7 @@ OvsDoExecuteActions(POVS_SWITCH_CONTEXT switchContext, if (status != NDIS_STATUS_SUCCESS) { /* Pending NBLs are consumed by Defragmentation. */ if (status != NDIS_STATUS_PENDING) { - OVS_LOG_ERROR("CT Action failed"); + OVS_LOG_ERROR("CT Action failed status = %lu", status); dropReason = L"OVS-conntrack action failed"; } else { /* We added a new pending NBL to be consumed later. |