From patchwork Thu Apr 23 16:25:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Bianconi X-Patchwork-Id: 1275866 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=AkNrroDp; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 497N2d2ztfz9sRN for ; Fri, 24 Apr 2020 02:25:44 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0EF5086DD0; Thu, 23 Apr 2020 16:25:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NaWtJz59FNAo; Thu, 23 Apr 2020 16:25:39 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id A165086DB0; Thu, 23 Apr 2020 16:25:39 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 87802C1797; Thu, 23 Apr 2020 16:25:39 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id A4604C0175 for ; Thu, 23 Apr 2020 16:25:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8B92D87DB3 for ; Thu, 23 Apr 2020 16:25:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hfyPQmh2dzsj for ; Thu, 23 Apr 2020 16:25:37 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) by whitealder.osuosl.org (Postfix) with ESMTPS id 9ABEE877D0 for ; Thu, 23 Apr 2020 16:25:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1587659136; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wMOoj8LmveO+FRaxDT8M3k1CujMvJ9mDNIrRQXfl5N0=; b=AkNrroDpTPjCBuVtDdS/xYw/K8Je5+18qa8QmzSOq/xGBqs6A7oFI/b2vv68fSj6r7JEEv Cqrq/OfUoG1vR4CQ/L94ygGnbSyQwdDKMjc/ythLYGTEBNP/ZMQ19RCVqghn7hYVKgvlwr yc7HeXKdVCSeeMgVtIIuXP7rqqyeVU0= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-167-Tb2J5oSNO9O10yGxLumlrA-1; Thu, 23 Apr 2020 12:25:31 -0400 X-MC-Unique: Tb2J5oSNO9O10yGxLumlrA-1 Received: by mail-wm1-f70.google.com with SMTP id n127so2577322wme.4 for ; Thu, 23 Apr 2020 09:25:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=Sj3h4sCHOiOe73GjxV7KvvQToS/+4GaP0E+HmiDG108=; b=pi0mJYdkXxj65HScvGwHUO0S/40j8OWlpPLtCoioriPwhRhQx210W18caNMXAFuDEr 2uxRq84g+VIEmU2pKAG2Zul+HLv3YqwmVC6M49045gbwOi6Z+b456+mcTER5B2Zk6v+Y FPagKKIDjNetMbEiIr058647YZ9H/yQa6lIoCu5qS9s38+OZDFHh/4/iFi65eaPvvPbX 7VmcmBdTUGx/Z7ANF2dnleqcWyaVymwTz8QdJvfKIJWG//ivoq+iKDAST1HSgI0P6izg HQXjhQXPcLjSqSTcXkqx2Q0dcZr67k8WpAs6DBfcY5jcTAyfk/NZ1YaXIqq92S2hVKwB tJlA== X-Gm-Message-State: AGi0PuYacYUcbiydOh8B4xzA9z+Cs0AnJviX6lbLGzFh8/Y3KU6zNgW9 jxzAVa86D/hQ7z6gPQ13lV0KLfrRaUdzj7gBxROQSn4VEoV7Ss4b2iWbD220kUlpgpuqzlR7ikv a8QupdEEsbq0ZLZ6geQ== X-Received: by 2002:adf:dd8a:: with SMTP id x10mr5920853wrl.308.1587659130303; Thu, 23 Apr 2020 09:25:30 -0700 (PDT) X-Google-Smtp-Source: APiQypIkiJcOvDoMlRvtInu0vlrLKHB27j+azkpgt6j1XP2JCf8uud0aT4JisDkEsEMkeJoDXlkITQ== X-Received: by 2002:adf:dd8a:: with SMTP id x10mr5920829wrl.308.1587659130034; Thu, 23 Apr 2020 09:25:30 -0700 (PDT) Received: from localhost.localdomain.com ([151.66.196.206]) by smtp.gmail.com with ESMTPSA id y63sm4473070wmg.21.2020.04.23.09.25.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Apr 2020 09:25:29 -0700 (PDT) From: Lorenzo Bianconi To: ovs-dev@openvswitch.org Date: Thu, 23 Apr 2020 18:25:20 +0200 Message-Id: <9c1c64e651df22df64d2e7d235df189dd4c83349.1587658935.git.lorenzo.bianconi@redhat.com> X-Mailer: git-send-email 2.25.3 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn] IPv6 PD: time parameter checks X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" RFC3633 imposes the following constraints for IPv6 pd time parameters: Identity Association for Prefix Delegation Option: -------------------------------------------------- t1 must not be greater than t2 if both of them are greater than 0 IA_PD Prefix option: -------------------- preferred lifetime must not be greater than valid lifetime Add checks for previous constraints in ovn implementation Signed-off-by: Lorenzo Bianconi --- controller/pinctrl.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 8592d4e3f..7ac487f05 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -653,6 +653,11 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, case DHCPV6_OPT_IA_PD: { struct dhcpv6_opt_ia_na *ia_na = (struct dhcpv6_opt_ia_na *)in_opt; int orig_len = len, hdr_len = 0, size = sizeof *in_opt + 12; + uint32_t t1 = ntohl(ia_na->t1), t2 = ntohl(ia_na->t2); + + if (t1 > t2 && t2 > 0) { + goto out; + } aid = ntohl(ia_na->iaid); memcpy(&data[len], in_opt, size); @@ -667,6 +672,15 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, } if (ntohs(in_opt->code) == DHCPV6_OPT_IA_PREFIX) { + struct dhcpv6_opt_ia_prefix *ia_hdr = + (struct dhcpv6_opt_ia_prefix *)in_opt; + uint32_t plife_time = ntohl(ia_hdr->plife_time); + uint32_t vlife_time = ntohl(ia_hdr->vlife_time); + + if (plife_time > vlife_time) { + goto out; + } + memcpy(&data[len], in_opt, flen); hdr_len += flen; len += flen; @@ -831,9 +845,12 @@ pinctrl_parse_dhcpv6_reply(struct dp_packet *pkt_in, struct dhcpv6_opt_ia_prefix *ia_hdr = (struct dhcpv6_opt_ia_prefix *)(in_dhcpv6_data + size); - prefix_len = ia_hdr->plen; plife_time = ntohl(ia_hdr->plife_time); vlife_time = ntohl(ia_hdr->vlife_time); + if (plife_time > vlife_time) { + break; + } + prefix_len = ia_hdr->plen; memcpy(&ipv6, &ia_hdr->ipv6, sizeof (struct in6_addr)); } if (ntohs(in_opt->code) == DHCPV6_OPT_STATUS_CODE) {