ofp-ct: Return error for unknown property in CT flush.

CT flush extension would silently ignore unknown properties, which could lead to potential surprise by deleting more than it was requested to. Return error on unknown property instead to avoid this problem and at the same time inform the user that the specified property is not supported. Fixes: 08146bf ("openflow: Add extension to flush CT by generic match.") Signed-off-by: Ales Musil <amusil@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
openvswitch · Dec 4, 2023 · a34e306 · a34e306
1 parent 20022fb
commit a34e306
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/lib/ofp-ct.c b/lib/ofp-ct.c
@@ -31,6 +31,9 @@
 #include "openvswitch/ofp-prop.h"
 #include "openvswitch/ofp-util.h"
 #include "openvswitch/packets.h"
+#include "openvswitch/vlog.h"
+
+VLOG_DEFINE_THIS_MODULE(ofp_ct);
 
 static void
 ofp_ct_tuple_format(struct ds *ds, const struct ofp_ct_tuple *tuple,
@@ -286,6 +289,10 @@ ofp_ct_tuple_decode_nested(struct ofpbuf *property, struct ofp_ct_tuple *tuple,
         case NXT_CT_TUPLE_ICMP_CODE:
             error = ofpprop_parse_u8(&inner, &tuple->icmp_code);
             break;
+
+        default:
+            error = OFPPROP_UNKNOWN(false, "NXT_CT_TUPLE", type);
+            break;
         }
 
         if (error) {
@@ -377,6 +384,10 @@ ofp_ct_match_decode(struct ofp_ct_match *match, bool *with_zone,
             }
             error = ofpprop_parse_u16(&property, zone_id);
             break;
+
+        default:
+            error = OFPPROP_UNKNOWN(false, "NXT_CT_FLUSH", type);
+            break;
         }
 
         if (error) {

diff --git a/tests/ofp-print.at b/tests/ofp-print.at
@@ -4180,4 +4180,22 @@ AT_CHECK([ovs-ofctl ofp-print "\
 00 01 00 20 00 00 00 00 \
 00 00 00 14 00 00 00 00 00 00 00 00 00 00 ff ff 0a 0a 00 02 00 00 00 00 \
 " | grep -q OFPBPC_BAD_VALUE], [0])
+
+AT_CHECK([ovs-ofctl ofp-print "\
+01 04 00 20 00 00 00 03 00 00 23 20 00 00 00 20 \
+06 \
+00 00 00 00 00 00 00 \
+00 80 00 08 00 00 00 00 \
+"| grep -q OFPBPC_BAD_TYPE], [0], [ignore], [stderr])
+AT_CHECK([grep -q "unknown NXT_CT_FLUSH property type 128" stderr], [0])
+
+AT_CHECK([ovs-ofctl ofp-print "\
+01 04 00 28 00 00 00 03 00 00 23 20 00 00 00 20 \
+06 \
+00 00 00 00 00 00 00 \
+00 00 00 10 00 00 00 00 \
+00 80 00 08 00 50 00 00 \
+"| grep -q OFPBPC_BAD_TYPE], [0], [ignore], [stderr])
+AT_CHECK([grep -q "unknown NXT_CT_TUPLE property type 128" stderr], [0])
+
 AT_CLEANUP