From patchwork Tue Jun 23 08:17:50 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dumitru Ceara <dceara@redhat.com>
X-Patchwork-Id: 1314985
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.138; helo=whitealder.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=SpSIxIS9;
	dkim-atps=neutral
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 49rfMM2w8jz9sQx
	for <incoming@patchwork.ozlabs.org>; Tue, 23 Jun 2020 18:19:27 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id AC47F86E18;
	Tue, 23 Jun 2020 08:19:25 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id K2ZpWGlD1JdM; Tue, 23 Jun 2020 08:19:24 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by whitealder.osuosl.org (Postfix) with ESMTP id D6127869F2;
	Tue, 23 Jun 2020 08:19:24 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 9A708C0891;
	Tue, 23 Jun 2020 08:19:24 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 36FFEC016F
 for <dev@openvswitch.org>; Tue, 23 Jun 2020 08:19:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id 12DC4203FC
 for <dev@openvswitch.org>; Tue, 23 Jun 2020 08:19:23 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dK-h0RVMl7cG for <dev@openvswitch.org>;
 Tue, 23 Jun 2020 08:19:22 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com
 [207.211.31.81])
 by silver.osuosl.org (Postfix) with ESMTPS id E62342036E
 for <dev@openvswitch.org>; Tue, 23 Jun 2020 08:19:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1592900360;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:content-type:content-type;
 bh=F6ZYHt8KuqfCWx1ZY+H3SvWsGoRWsox49+ZCLrEmg6k=;
 b=SpSIxIS9tGTT6kW/FCqg8o8c8iIeRqDAKQfffaCKhRov1yDwJKeW+nHs6WMNZ83qYqRCAS
 ZoS+gh0xD+Es/d0BO7RvKrb/zJADe6UriQUX/P3LaC44Zx1w1dDYtyjBGVatT+pnvndCXR
 CBRs1B7MWSLQK6FlMAsXzsHEbxyAU10=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-385-R-sIr9LGMmOESJvoFvD_aw-1; Tue, 23 Jun 2020 04:18:54 -0400
X-MC-Unique: R-sIr9LGMmOESJvoFvD_aw-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7CF72A0C09
 for <dev@openvswitch.org>; Tue, 23 Jun 2020 08:18:53 +0000 (UTC)
Received: from dceara.remote.csb (ovpn-114-124.ams2.redhat.com
 [10.36.114.124])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 079AA5C3F8
 for <dev@openvswitch.org>; Tue, 23 Jun 2020 08:18:52 +0000 (UTC)
From: Dumitru Ceara <dceara@redhat.com>
To: dev@openvswitch.org
Date: Tue, 23 Jun 2020 10:17:50 +0200
Message-Id: <1592900270-30788-1-git-send-email-dceara@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH ovn] lex: Allow unmasked bits in value/mask tokens.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

It's quite restrictive to not accept ACLs/policies that match on a CIDR
that has non-zero host bits. Right now this generates a lexer error that
can only be detected in the logs.

There's no real harm in automatically zero-ing the unmasked bits.

Reported-at: https://bugzilla.redhat.com/1812820
Reported-by: Ying Xu <yinxu@redhat.com>
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
Acked-by: Mark Michelson <mmichels@redhat.com>
---
 lib/lex.c    | 10 ++--------
 tests/ovn.at |  8 ++++----
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/lib/lex.c b/lib/lex.c
index 94f6c77..4d92199 100644
--- a/lib/lex.c
+++ b/lib/lex.c
@@ -485,16 +485,10 @@ lex_parse_mask(const char *p, struct lex_token *token)
         return p;
     }
 
-    /* Check invariant that a 1-bit in the value corresponds to a 1-bit in the
+    /* Apply invariant that a 1-bit in the value corresponds to a 1-bit in the
      * mask. */
     for (int i = 0; i < ARRAY_SIZE(token->mask.be32); i++) {
-        ovs_be32 v = token->value.be32[i];
-        ovs_be32 m = token->mask.be32[i];
-
-        if (v & ~m) {
-            lex_error(token, "Value contains unmasked 1-bits.");
-            break;
-        }
+        token->value.be32[i] &= token->mask.be32[i];
     }
 
     /* Done! */
diff --git a/tests/ovn.at b/tests/ovn.at
index 1ff7952..0c0daed 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -79,7 +79,7 @@ a/b => a error("`/' is only valid as part of `//' or `/*'.") b
 
 0/0
 0/1
-1/0 => error("Value contains unmasked 1-bits.")
+1/0 => 0/0
 1/1
 128/384
 1/3
@@ -99,7 +99,7 @@ a/b => a error("`/' is only valid as part of `//' or `/*'.") b
 0X => error("Hex digits expected following 0X.")
 0x0/0x0 => 0/0
 0x0/0x1 => 0/0x1
-0x1/0x0 => error("Value contains unmasked 1-bits.")
+0x1/0x0 => 0/0
 0xffff/0x1ffff
 0x. => error("Invalid syntax in hexadecimal constant.")
 
@@ -109,7 +109,7 @@ a/b => a error("`/' is only valid as part of `//' or `/*'.") b
 192.168.0.0/255.255.0.0 => 192.168.0.0/16
 192.168.0.0/255.255.255.0 => 192.168.0.0/24
 192.168.0.0/255.255.0.255
-192.168.0.0/255.0.0.0 => error("Value contains unmasked 1-bits.")
+192.168.0.0/255.0.0.0 => 192.0.0.0/8
 192.168.0.0/32
 192.168.0.0/255.255.255.255 => 192.168.0.0/32
 1.2.3.4:5 => 1.2.3.4 : 5
@@ -135,7 +135,7 @@ FE:DC:ba:98:76:54 => fe:dc:ba:98:76:54
 01:00:00:00:00:00/01:00:00:00:00:00
 ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
 fe:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
-ff:ff:ff:ff:ff:ff/fe:ff:ff:ff:ff:ff => error("Value contains unmasked 1-bits.")
+ff:ff:ff:ff:ff:ff/fe:ff:ff:ff:ff:ff => fe:ff:ff:ff:ff:ff/fe:ff:ff:ff:ff:ff
 fe:x => error("Invalid numeric constant.")
 00:01:02:03:04:x => error("Invalid numeric constant.")