summaryrefslogtreecommitdiff
path: root/net/openvswitch/flow_netlink.c
diff options
context:
space:
mode:
authorJoe Stringer <joestringer@nicira.com>2015-10-06 20:59:59 +0300
committerDavid S. Miller <davem@davemloft.net>2015-10-07 15:03:05 +0300
commit6f225952461b5e9b5520d0dc6e2ff0af57874fbb (patch)
tree640b5ffa111825c21aa8ff7847e3d466b1922005 /net/openvswitch/flow_netlink.c
parentec0d043d05e6e3c0c2fac5de922c800c027c6386 (diff)
downloadlinux-6f225952461b5e9b5520d0dc6e2ff0af57874fbb.tar.xz
openvswitch: Reject ct_state unsupported bits
Previously, if userspace specified ct_state bits in the flow key which are currently undefined (and therefore unsupported), then they would be ignored. This could cause unexpected behaviour in future if userspace is extended to support additional bits but attempts to communicate with the current version of the kernel. This patch rectifies the situation by rejecting such ct_state bits. Fixes: 7f8a436eaa2c "openvswitch: Add conntrack action" Signed-off-by: Joe Stringer <joestringer@nicira.com> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/openvswitch/flow_netlink.c')
-rw-r--r--net/openvswitch/flow_netlink.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index a60e3b7684bc..d47b5c5c640e 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -816,6 +816,12 @@ static int metadata_from_nlattrs(struct net *net, struct sw_flow_match *match,
ovs_ct_verify(net, OVS_KEY_ATTR_CT_STATE)) {
u8 ct_state = nla_get_u8(a[OVS_KEY_ATTR_CT_STATE]);
+ if (!is_mask && !ovs_ct_state_supported(ct_state)) {
+ OVS_NLERR(log, "ct_state flags %02x unsupported",
+ ct_state);
+ return -EINVAL;
+ }
+
SW_FLOW_KEY_PUT(match, ct.state, ct_state, is_mask);
*attrs &= ~(1ULL << OVS_KEY_ATTR_CT_STATE);
}