From: Justin Pettit Date: Fri, 14 Dec 2012 00:22:55 +0000 (-0800) Subject: meta-flow: Don't allow negative port numbers. X-Git-Tag: sliver-openvswitch-1.9.90-3~10^2~90 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=05dddbac2fd8652409a1a377fcebfd46c35673be;p=sliver-openvswitch.git meta-flow: Don't allow negative port numbers. If a negative number is supplied, the parsing code used to convert it into a signed one. We ran into an incident where a third-party script was attempting to get the OpenFlow port number for an interface, but got -1 from the database, since the number had not yet been assigned. This was converted to 65535, which maps to OFPP_NONE and all flows with ingress port OFPP_NONE were modified. This commit disallows negative port numbers to help prevent broken integration scripts from disturbing the flow table. Issue #14036 Signed-off-by: Justin Pettit --- diff --git a/lib/meta-flow.c b/lib/meta-flow.c index 749898fce..27f3904fa 100644 --- a/lib/meta-flow.c +++ b/lib/meta-flow.c @@ -2087,7 +2087,10 @@ mf_from_ofp_port_string(const struct mf_field *mf, const char *s, uint16_t port; assert(mf->n_bytes == sizeof(ovs_be16)); - if (ofputil_port_from_string(s, &port)) { + if (*s == '-') { + return xasprintf("%s: negative values not supported for %s", + s, mf->name); + } else if (ofputil_port_from_string(s, &port)) { *valuep = htons(port); *maskp = htons(UINT16_MAX); return NULL;