ofagent: Fix a possible crash in arp responder
Guard against exceptions when feeding packet-in data, which is generated by tenant VMs and thus cannot be trusted, to the Ryu packet library. Closes-Bug: #1365255 Change-Id: Ia8bacfb55def563a1b23a47709ae72bd4fce0fce
parent
1f80d73277
commit
ab786890f2
@ -143,7 +143,13 @@ class ArpLib(object):
|
|||||||
ofp = datapath.ofproto
|
ofp = datapath.ofproto
|
||||||
port = msg.match['in_port']
|
port = msg.match['in_port']
|
||||||
metadata = msg.match.get('metadata')
|
metadata = msg.match.get('metadata')
|
||||||
pkt = packet.Packet(msg.data)
|
# NOTE(yamamoto): Ryu packet library can raise various exceptions
|
||||||
|
# on a corrupted packet.
|
||||||
|
try:
|
||||||
|
pkt = packet.Packet(msg.data)
|
||||||
|
except Exception as e:
|
||||||
|
LOG.info(_LI("Unparsable packet: got exception %s"), e)
|
||||||
|
return
|
||||||
LOG.info(_LI("packet-in dpid %(dpid)s in_port %(port)s pkt %(pkt)s"),
|
LOG.info(_LI("packet-in dpid %(dpid)s in_port %(port)s pkt %(pkt)s"),
|
||||||
{'dpid': dpid_lib.dpid_to_str(datapath.id),
|
{'dpid': dpid_lib.dpid_to_str(datapath.id),
|
||||||
'port': port, 'pkt': pkt})
|
'port': port, 'pkt': pkt})
|
||||||
|
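Review bot: The new `LOG.info` in the `except` branch records only the exception text, so an operator cannot tell which datapath and port delivered the malformed frame, even though `port` and `datapath.id` are already in scope and the packet-in log line just below uses both. Because the data comes from tenant VMs, the ingress port is what is needed to trace the offending instance; consider `LOG.info(_LI("Unparsable packet: dpid %(dpid)s in_port %(port)s: %(e)s"), {'dpid': dpid_lib.dpid_to_str(datapath.id), 'port': port, 'e': e})`. The guard covers only the `packet.Packet(msg.data)` constructor; whether later accesses on `pkt` in this handler can also raise on crafted input cannot be judged from here, since the handler starts and ends outside the hunk.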
@ -289,6 +289,11 @@ class TestArpLib(OFAAgentTestCase):
|
|||||||
self._fake_get_protocol_arp = False
|
self._fake_get_protocol_arp = False
|
||||||
self._test_packet_in_handler_drop()
|
self._test_packet_in_handler_drop()
|
||||||
|
|
||||||
|
def test_packet_in_handler_corrupted(self):
|
||||||
|
mock.patch('ryu.lib.packet.packet.Packet',
|
||||||
|
side_effect=ValueError).start()
|
||||||
|
self._test_packet_in_handler_drop()
|
||||||
|
|
||||||
def test_packet_in_handler_unknown_network(self):
|
def test_packet_in_handler_unknown_network(self):
|
||||||
self.arplib._arp_tbl = {
|
self.arplib._arp_tbl = {
|
||||||
self.nets[0].net: {self.nets[0].ip: self.nets[0].mac}}
|
self.nets[0].net: {self.nets[0].ip: self.nets[0].mac}}
|
||||||
|
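Review bot: The `mock.patch(...).start()` call in `test_packet_in_handler_corrupted` has no matching stop visible in this hunk, so unless the base test case registers `mock.patch.stopall` as a cleanup, the patched `Packet` that always raises `ValueError` stays in place for later tests. Making the cleanup explicit keeps the test self-contained: `p = mock.patch('ryu.lib.packet.packet.Packet', side_effect=ValueError)`, `p.start()`, `self.addCleanup(p.stop)`. The test relies on `_test_packet_in_handler_drop`, whose body is outside the hunk, so from here it is not visible whether the "Unparsable packet" log call is asserted or only the absence of a reply.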