openvswitch: Relax set header validation.
When installing a flow with an action to set a particular field we need to validate that the packets that are part of the flow actually contain that header. With IP we use zeroed addresses and with TCP/UDP the check is for zeroed ports. This check is overly broad and can catch packets like DHCP requests that have a zero source address in a legitimate header. This changes the check to look for a zeroed protocol number for IP or for both ports be zero for TCP/UDP before considering the header to not exist. Reported-by: NEthan Jackson <ethan@nicira.com> Signed-off-by: NJesse Gross <jesse@nicira.com>
Showing
想要评论请 注册 或 登录