SunnyQjm/openflow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Safety checks for ARP packets

Browse Source 
Verify that ARP packets are for IP and that the protocol length is 4
before extracting source/destination IP addresses.
This commit is contained in:
Glen Gibb
2009-11-10 13:39:56 -08:00
parent b011d58f5d
commit bc2026689b
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/flow.c
+4 -2
View File
@@ -211,8 +211,10 @@ flow_extract(struct ofpbuf *packet, uint16_t in_port, struct flow *flow)
} else if (flow->dl_type == htons(ETH_TYPE_ARP)) {
const struct arp_eth_header *arp = pull_arp(&b);
if (arp) {
flow->nw_src = arp->ar_spa;
flow->nw_dst = arp->ar_tpa;
if (arp->ar_pro == htons(ARP_PRO_IP) && arp->ar_pln == IP_ADDR_LEN) {
flow->nw_src = arp->ar_spa;
flow->nw_dst = arp->ar_tpa;
}
flow->nw_proto = ntohs(arp->ar_op) && 0xff;
}
}
lib/packets.h
+2
View File
@@ -200,6 +200,8 @@ BUILD_ASSERT_DECL(VLAN_ETH_HEADER_LEN == sizeof(struct vlan_eth_header));
#define IP_IS_FRAGMENT(ip_frag_off) \
((ip_frag_off) & htons(IP_MORE_FRAGMENTS | IP_FRAG_OFF_MASK))
#define IP_ADDR_LEN 4
#define IP_HEADER_LEN 20
struct ip_header {
uint8_t ip_ihl_ver;