ofp-actions: enforce valid range for table_id in goto_table instruction

Found a bug that OVS allows goto_table_id to be smaller than (or equal to) the current table id where the flow resides. It potentially creates an infinite loop when composing actions for a packet. To fix it, we just let OVS returns an error message to prevent such flow to be programmed. Signed-off-by: Jing Ai <jinga@google.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
2025-08-31 06:15:47 +00:00 · 2013-06-05 13:18:09 -07:00
parent 084c3bb434
commit bff7eeb648
6 changed files with 29 additions and 6 deletions
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -1502,7 +1502,8 @@ ofputil_decode_flow_mod(struct ofputil_flow_mod *fm,
            return error;
        }

-        error = ofpacts_pull_openflow11_instructions(&b, b.size, ofpacts);
+        error = ofpacts_pull_openflow11_instructions(&b, b.size, ofm->table_id,
+                                                     ofpacts);
        if (error) {
            return error;
        }
@@ -2014,7 +2015,8 @@ ofputil_decode_flow_stats_reply(struct ofputil_flow_stats *fs,
        }

        if (ofpacts_pull_openflow11_instructions(msg, length - sizeof *ofs -
-                                                 padded_match_len, ofpacts)) {
+                                                 padded_match_len,
+                                                 ofs->table_id, ofpacts)) {
            VLOG_WARN_RL(&bad_ofmsg_rl, "OFPST_FLOW reply bad instructions");
            return EINVAL;
        }