| Message ID | 9c1c64e651df22df64d2e7d235df189dd4c83349.1587658935.git.lorenzo.bianconi@redhat.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev,ovn] IPv6 PD: time parameter checks | expand |
On Thu, Apr 23, 2020 at 9:55 PM Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote: > > RFC3633 imposes the following constraints for IPv6 pd time parameters: > > Identity Association for Prefix Delegation Option: > -------------------------------------------------- > t1 must not be greater than t2 if both of them are greater than 0 > > IA_PD Prefix option: > -------------------- > preferred lifetime must not be greater than valid lifetime > > Add checks for previous constraints in ovn implementation > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Thanks Lorenzo. I applied this patch to master. Numan > --- > controller/pinctrl.c | 19 ++++++++++++++++++- > 1 file changed, 18 insertions(+), 1 deletion(-) > > diff --git a/controller/pinctrl.c b/controller/pinctrl.c > index 8592d4e3f..7ac487f05 100644 > --- a/controller/pinctrl.c > +++ b/controller/pinctrl.c > @@ -653,6 +653,11 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, > case DHCPV6_OPT_IA_PD: { > struct dhcpv6_opt_ia_na *ia_na = (struct dhcpv6_opt_ia_na *)in_opt; > int orig_len = len, hdr_len = 0, size = sizeof *in_opt + 12; > + uint32_t t1 = ntohl(ia_na->t1), t2 = ntohl(ia_na->t2); > + > + if (t1 > t2 && t2 > 0) { > + goto out; > + } > > aid = ntohl(ia_na->iaid); > memcpy(&data[len], in_opt, size); > @@ -667,6 +672,15 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, > } > > if (ntohs(in_opt->code) == DHCPV6_OPT_IA_PREFIX) { > + struct dhcpv6_opt_ia_prefix *ia_hdr = > + (struct dhcpv6_opt_ia_prefix *)in_opt; > + uint32_t plife_time = ntohl(ia_hdr->plife_time); > + uint32_t vlife_time = ntohl(ia_hdr->vlife_time); > + > + if (plife_time > vlife_time) { > + goto out; > + } > + > memcpy(&data[len], in_opt, flen); > hdr_len += flen; > len += flen; > @@ -831,9 +845,12 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, > struct dhcpv6_opt_ia_prefix *ia_hdr = > (struct dhcpv6_opt_ia_prefix *)(in_dhcpv6_data + size); > > - prefix_len = ia_hdr->plen; > plife_time = ntohl(ia_hdr->plife_time); > vlife_time = ntohl(ia_hdr->vlife_time); > + if (plife_time > vlife_time) { > + break; > + } > + prefix_len = ia_hdr->plen; > memcpy(&ipv6, &ia_hdr->ipv6, sizeof (struct in6_addr)); > } > if (ntohs(in_opt->code) == DHCPV6_OPT_STATUS_CODE) { > -- > 2.25.3 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 8592d4e3f..7ac487f05 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -653,6 +653,11 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, case DHCPV6_OPT_IA_PD: { struct dhcpv6_opt_ia_na *ia_na = (struct dhcpv6_opt_ia_na *)in_opt; int orig_len = len, hdr_len = 0, size = sizeof *in_opt + 12; + uint32_t t1 = ntohl(ia_na->t1), t2 = ntohl(ia_na->t2); + + if (t1 > t2 && t2 > 0) { + goto out; + } aid = ntohl(ia_na->iaid); memcpy(&data[len], in_opt, size); @@ -667,6 +672,15 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, } if (ntohs(in_opt->code) == DHCPV6_OPT_IA_PREFIX) { + struct dhcpv6_opt_ia_prefix *ia_hdr = + (struct dhcpv6_opt_ia_prefix *)in_opt; + uint32_t plife_time = ntohl(ia_hdr->plife_time); + uint32_t vlife_time = ntohl(ia_hdr->vlife_time); + + if (plife_time > vlife_time) { + goto out; + } + memcpy(&data[len], in_opt, flen); hdr_len += flen; len += flen; @@ -831,9 +845,12 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, struct dhcpv6_opt_ia_prefix *ia_hdr = (struct dhcpv6_opt_ia_prefix *)(in_dhcpv6_data + size); - prefix_len = ia_hdr->plen; plife_time = ntohl(ia_hdr->plife_time); vlife_time = ntohl(ia_hdr->vlife_time); + if (plife_time > vlife_time) { + break; + } + prefix_len = ia_hdr->plen; memcpy(&ipv6, &ia_hdr->ipv6, sizeof (struct in6_addr)); } if (ntohs(in_opt->code) == DHCPV6_OPT_STATUS_CODE) {
RFC3633 imposes the following constraints for IPv6 pd time parameters: Identity Association for Prefix Delegation Option: -------------------------------------------------- t1 must not be greater than t2 if both of them are greater than 0 IA_PD Prefix option: -------------------- preferred lifetime must not be greater than valid lifetime Add checks for previous constraints in ovn implementation Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> --- controller/pinctrl.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)