rpms / ovn

Clone
Source Code
GIT

Blame SOURCES/0001-ovn-northd-Validate-dnat_and_snat-external_mac-logic.patch

c8-sig-nfv-openvswitch-2.11 c8-sig-nfv-openvswitch-2.13 c8-sig-nfv-ovn-2021 c8s-sig-nfv-ovn22 c9s-sig-nfv-ovn-2021 c9s-sig-nfv-ovn22 c9s-sig-nfv-ovn23.09 c9s-sig-nfv-ovn24.03
  1.   c8-sig-nfv-openvswitch-2.11
  2.   SOURCES
  3.   0001-ovn-northd-Validate-dnat_and_snat-external_mac-logic.patch
Blob History Raw
bbaaef 
From e02f2e47383097b737bb9a1cf3a371268c0693da Mon Sep 17 00:00:00 2001
bbaaef 
From: Dumitru Ceara <dceara@redhat.com>
bbaaef 
Date: Thu, 7 Nov 2019 13:19:19 +0100
bbaaef 
Subject: [PATCH ovn] ovn-northd: Validate dnat_and_snat
bbaaef 
 external_mac/logical_ip.
bbaaef
bbaaef 
When dnat_and_snat NAT rules are configured, if the user tries to set
bbaaef 
external_mac in the NAT rule record without setting logical_ip
bbaaef 
ovn-northd crashes as there's no validation in place.
bbaaef
bbaaef 
Add checks for valid ethernet address in NAT.external_mac and for
bbaaef 
non-null NAT.logical_ip where applicable.
bbaaef
bbaaef 
Reported-by: Daniel Alvarez Sanchez <dalvarez@redhat.com>
bbaaef 
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1769709
bbaaef 
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
bbaaef 
Signed-off-by: Numan Siddique <numans@ovn.org>
bbaaef 
---
bbaaef 
 ovn/northd/ovn-northd.c | 14 +++++++++++---
bbaaef 
 1 file changed, 11 insertions(+), 3 deletions(-)
bbaaef
bbaaef 
diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c
bbaaef 
index c23c270..2f0f501 100644
bbaaef 
--- a/ovn/northd/ovn-northd.c
bbaaef 
+++ b/ovn/northd/ovn-northd.c
bbaaef 
@@ -6032,9 +6032,12 @@ add_distributed_nat_routes(struct hmap *lflows, const struct ovn_port *op)
bbaaef 
     for (size_t i = 0; i < op->od->nbr->n_nat; i++) {
bbaaef 
         const struct nbrec_nat *nat = op->od->nbr->nat[i];
bbaaef 
         bool found = false;
bbaaef 
+        struct eth_addr mac;
bbaaef
bbaaef 
         if (strcmp(nat->type, "dnat_and_snat") ||
bbaaef 
-            !nat->external_mac  || !nat->external_ip) {
bbaaef 
+                !nat->external_mac ||
bbaaef 
+                !eth_addr_from_string(nat->external_mac, &mac) ||
bbaaef 
+                !nat->external_ip || !nat->logical_port) {
bbaaef 
             continue;
bbaaef 
         }
bbaaef
bbaaef 
@@ -6083,10 +6086,14 @@ add_distributed_nat_routes(struct hmap *lflows, const struct ovn_port *op)
bbaaef
bbaaef 
         for (size_t j = 0; j < op->od->nbr->n_nat; j++) {
bbaaef 
             const struct nbrec_nat *nat2 = op->od->nbr->nat[j];
bbaaef 
+            struct eth_addr mac2;
bbaaef
bbaaef 
             if (nat == nat2 || strcmp(nat2->type, "dnat_and_snat") ||
bbaaef 
-                !nat2->external_mac || !nat2->external_ip)
bbaaef 
+                    !nat2->external_mac ||
bbaaef 
+                    !eth_addr_from_string(nat2->external_mac, &mac2) ||
bbaaef 
+                    !nat2->external_ip) {
bbaaef 
                 continue;
bbaaef 
+            }
bbaaef
bbaaef 
             family = AF_INET;
bbaaef 
             if (!ip_parse(nat2->external_ip, &ip) || !ip) {
bbaaef 
@@ -7785,7 +7792,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
bbaaef 
             if (od->l3dgw_port) {
bbaaef 
                 /* Distributed router. */
bbaaef 
                 if (!strcmp(nat->type, "dnat_and_snat") &&
bbaaef 
-                    nat->external_mac && nat->external_ip) {
bbaaef 
+                        nat->external_mac && nat->external_ip &&
bbaaef 
+                        eth_addr_from_string(nat->external_mac, &mac)) {
bbaaef 
                     for (int j = 0; j < od->nbr->n_nat; j++) {
bbaaef 
                         const struct nbrec_nat *nat2 = od->nbr->nat[j];
bbaaef
bbaaef 
--
bbaaef 
1.8.3.1
bbaaef

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation