rpms / ovn

Clone
Source Code
GIT

Blame SOURCES/0001-IPv6-PD-time-parameter-checks.patch

c8-sig-nfv-openvswitch-2.11 c8-sig-nfv-openvswitch-2.13 c8-sig-nfv-ovn-2021 c8s-sig-nfv-ovn22 c9s-sig-nfv-ovn-2021 c9s-sig-nfv-ovn22 c9s-sig-nfv-ovn23.09 c9s-sig-nfv-ovn24.03
  1.   773311d4e5a94d6e76ff0b570394feaaeea03d05
  2.   SOURCES
  3.   0001-IPv6-PD-time-parameter-checks.patch
Blob History Raw
773311 
From 942f7b2b9e3acfc7b1d6ea5c48fc22171b14549a Mon Sep 17 00:00:00 2001
773311 
Message-Id: <942f7b2b9e3acfc7b1d6ea5c48fc22171b14549a.1588586761.git.lorenzo.bianconi@redhat.com>
773311 
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
773311 
Date: Thu, 23 Apr 2020 18:25:20 +0200
773311 
Subject: [PATCH] IPv6 PD: time parameter checks
773311
773311 
RFC3633 imposes the following constraints for IPv6 pd time parameters:
773311
773311 
Identity Association for Prefix Delegation Option:
773311 
--------------------------------------------------
773311 
t1 must not be greater than t2 if both of them are greater than 0
773311
773311 
IA_PD Prefix option:
773311 
--------------------
773311 
preferred lifetime must not be greater than valid lifetime
773311
773311 
Add checks for previous constraints in ovn implementation
773311
773311 
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
773311 
Signed-off-by: Numan Siddique <numans@ovn.org>
773311 
---
773311 
 controller/pinctrl.c | 19 ++++++++++++++++++-
773311 
 1 file changed, 18 insertions(+), 1 deletion(-)
773311
773311 
--- a/controller/pinctrl.c
773311 
+++ b/controller/pinctrl.c
773311 
@@ -653,6 +653,11 @@ pinctrl_parse_dhcpv6_advt(struct rconn *
773311 
         case DHCPV6_OPT_IA_PD: {
773311 
             struct dhcpv6_opt_ia_na *ia_na = (struct dhcpv6_opt_ia_na *)in_opt;
773311 
             int orig_len = len, hdr_len = 0, size = sizeof *in_opt + 12;
773311 
+            uint32_t t1 = ntohl(ia_na->t1), t2 = ntohl(ia_na->t2);
773311 
+
773311 
+            if (t1 > t2 && t2 > 0) {
773311 
+                goto out;
773311 
+            }
773311
773311 
             aid = ntohl(ia_na->iaid);
773311 
             memcpy(&data[len], in_opt, size);
773311 
@@ -667,6 +672,15 @@ pinctrl_parse_dhcpv6_advt(struct rconn *
773311 
                 }
773311
773311 
                 if (ntohs(in_opt->code) == DHCPV6_OPT_IA_PREFIX) {
773311 
+                    struct dhcpv6_opt_ia_prefix *ia_hdr =
773311 
+                        (struct dhcpv6_opt_ia_prefix *)in_opt;
773311 
+                    uint32_t plife_time = ntohl(ia_hdr->plife_time);
773311 
+                    uint32_t vlife_time = ntohl(ia_hdr->vlife_time);
773311 
+
773311 
+                    if (plife_time > vlife_time) {
773311 
+                        goto out;
773311 
+                    }
773311 
+
773311 
                     memcpy(&data[len], in_opt, flen);
773311 
                     hdr_len += flen;
773311 
                     len += flen;
773311 
@@ -831,9 +845,12 @@ pinctrl_parse_dhcpv6_reply(struct dp_pac
773311 
                     struct dhcpv6_opt_ia_prefix *ia_hdr =
773311 
                         (struct dhcpv6_opt_ia_prefix *)(in_dhcpv6_data + size);
773311
773311 
-                    prefix_len = ia_hdr->plen;
773311 
                     plife_time = ntohl(ia_hdr->plife_time);
773311 
                     vlife_time = ntohl(ia_hdr->vlife_time);
773311 
+                    if (plife_time > vlife_time) {
773311 
+                        break;
773311 
+                    }
773311 
+                    prefix_len = ia_hdr->plen;
773311 
                     memcpy(&ipv6, &ia_hdr->ipv6, sizeof (struct in6_addr));
773311 
                     status = true;
773311 
                 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation