summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoe Stringer <joestringer@nicira.com>2014-11-19 22:54:49 +0100
committerDavid S. Miller <davem@davemloft.net>2014-11-21 04:56:13 +0100
commitd3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9 (patch)
tree16383bb53c7b2edd338cb465ea6bfc41b368fad6
parentpptp: fix stack info leak in pptp_getname() (diff)
downloadlinux-d3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9.tar.xz
linux-d3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9.zip
openvswitch: Don't validate IPv6 label masks.
When userspace doesn't provide a mask, OVS datapath generates a fully unwildcarded mask for the flow by copying the flow and setting all bits in all fields. For IPv6 label, this creates a mask that matches on the upper 12 bits, causing the following error: openvswitch: netlink: Invalid IPv6 flow label value (value=ffffffff, max=fffff) This patch ignores the label validation check for masks, avoiding this error. Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/openvswitch/flow_netlink.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index fa4ec2e4a78b..089b195c064a 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -690,7 +690,7 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs,
return -EINVAL;
}
- if (ipv6_key->ipv6_label & htonl(0xFFF00000)) {
+ if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) {
OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n",
ntohl(ipv6_key->ipv6_label), (1 << 20) - 1);
return -EINVAL;