diff options
author | Joe Stringer <joestringer@nicira.com> | 2014-11-19 22:54:49 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-11-21 04:56:13 +0100 |
commit | d3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9 (patch) | |
tree | 16383bb53c7b2edd338cb465ea6bfc41b368fad6 /net/openvswitch | |
parent | pptp: fix stack info leak in pptp_getname() (diff) | |
download | linux-d3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9.tar.xz linux-d3052bb5d306b29c1e7d9e5998c5ac4ca1ff0ca9.zip |
openvswitch: Don't validate IPv6 label masks.
When userspace doesn't provide a mask, OVS datapath generates a fully
unwildcarded mask for the flow by copying the flow and setting all bits
in all fields. For IPv6 label, this creates a mask that matches on the
upper 12 bits, causing the following error:
openvswitch: netlink: Invalid IPv6 flow label value (value=ffffffff, max=fffff)
This patch ignores the label validation check for masks, avoiding this
error.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/openvswitch')
-rw-r--r-- | net/openvswitch/flow_netlink.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index fa4ec2e4a78b..089b195c064a 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -690,7 +690,7 @@ static int ovs_key_from_nlattrs(struct sw_flow_match *match, u64 attrs, return -EINVAL; } - if (ipv6_key->ipv6_label & htonl(0xFFF00000)) { + if (!is_mask && ipv6_key->ipv6_label & htonl(0xFFF00000)) { OVS_NLERR("IPv6 flow label %x is out of range (max=%x).\n", ntohl(ipv6_key->ipv6_label), (1 << 20) - 1); return -EINVAL; |