meta-flow: Don't allow negative port numbers.

If a negative number is supplied, the parsing code used to convert it into a signed one. We ran into an incident where a third-party script was attempting to get the OpenFlow port number for an interface, but got -1 from the database, since the number had not yet been assigned. This was converted to 65535, which maps to OFPP_NONE and all flows with ingress port OFPP_NONE were modified. This commit disallows negative port numbers to help prevent broken integration scripts from disturbing the flow table. Issue #14036 Signed-off-by: Justin Pettit <jpettit@nicira.com>
2025-08-31 22:35:15 +00:00 · 2012-12-13 16:22:55 -08:00
parent d047fd17b8
commit 05dddbac2f
1 changed files with 4 additions and 1 deletions
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -2087,7 +2087,10 @@ mf_from_ofp_port_string(const struct mf_field *mf, const char *s,
    uint16_t port;

    assert(mf->n_bytes == sizeof(ovs_be16));
-    if (ofputil_port_from_string(s, &port)) {
+    if (*s == '-') {
+        return xasprintf("%s: negative values not supported for %s",
+                         s, mf->name);
+    } else if (ofputil_port_from_string(s, &port)) {
        *valuep = htons(port);
        *maskp = htons(UINT16_MAX);
        return NULL;