From 33db4125ec745426c3483d6817d8f7ea5324cd05 Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Thu, 1 Oct 2015 15:00:37 -0700 Subject: openvswitch: Rename LABEL->LABELS Conntrack LABELS (plural) are exposed by conntrack; rename the OVS name for these to be consistent with conntrack. Fixes: c2ac667 "openvswitch: Allow matching on conntrack label" Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller --- net/openvswitch/actions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index 315f5330b6e5..e23a61cc3d5c 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -968,7 +968,7 @@ static int execute_masked_set_action(struct sk_buff *skb, case OVS_KEY_ATTR_CT_STATE: case OVS_KEY_ATTR_CT_ZONE: case OVS_KEY_ATTR_CT_MARK: - case OVS_KEY_ATTR_CT_LABEL: + case OVS_KEY_ATTR_CT_LABELS: err = -EINVAL; break; } -- cgit v1.2.1 From b8f2257069f179c7bdedc9501c1623070c4c37bb Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Tue, 6 Oct 2015 10:59:57 -0700 Subject: openvswitch: Fix skb leak in ovs_fragment() If ovs_fragment() was unable to fragment the skb due to an L2 header that exceeds the supported length, skbs would be leaked. Fix the bug. Fixes: 7f8a436eaa2c "openvswitch: Add conntrack action" Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller --- net/openvswitch/actions.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index e23a61cc3d5c..4cb93f92d6be 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -684,7 +684,7 @@ static void ovs_fragment(struct vport *vport, struct sk_buff *skb, u16 mru, { if (skb_network_offset(skb) > MAX_L2_LEN) { OVS_NLERR(1, "L2 header too long to fragment"); - return; + goto err; } if (ethertype == htons(ETH_P_IP)) { @@ -708,8 +708,7 @@ static void ovs_fragment(struct vport *vport, struct sk_buff *skb, u16 mru, struct rt6_info ovs_rt; if (!v6ops) { - kfree_skb(skb); - return; + goto err; } prepare_frag(vport, skb); @@ -728,8 +727,12 @@ static void ovs_fragment(struct vport *vport, struct sk_buff *skb, u16 mru, WARN_ONCE(1, "Failed fragment ->%s: eth=%04x, MRU=%d, MTU=%d.", ovs_vport_name(vport), ntohs(ethertype), mru, vport->dev->mtu); - kfree_skb(skb); + goto err; } + + return; +err: + kfree_skb(skb); } static void do_output(struct datapath *dp, struct sk_buff *skb, int out_port, -- cgit v1.2.1 From ec0d043d05e6e3c0c2fac5de922c800c027c6386 Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Tue, 6 Oct 2015 10:59:58 -0700 Subject: openvswitch: Ensure flow is valid before executing ct The ct action uses parts of the flow key, so we need to ensure that it is valid before executing that action. Fixes: 7f8a436eaa2c "openvswitch: Add conntrack action" Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller --- net/openvswitch/actions.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index 4cb93f92d6be..c6a39bf2c3b9 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -1102,6 +1102,12 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, break; case OVS_ACTION_ATTR_CT: + if (!is_flow_key_valid(key)) { + err = ovs_flow_key_update(skb, key); + if (err) + return err; + } + err = ovs_ct_execute(ovs_dp_get_net(dp), skb, key, nla_data(a)); -- cgit v1.2.1