Commit 3661c068 authored by Daniele Di Proietto's avatar Daniele Di Proietto

bridge: Do not add bridges with '/' in name.

This effectively stops vswitchd from creating bridges with '/' in the
name. OVS used to print a warning but the bridge was created anyway.

This restriction is implemented because the bridge name is part of a
filesystem path.

This check is no substitute for Mandatory Access Control, but it
certainly helps to catch the error early.
Signed-off-by: default avatarDaniele Di Proietto <>
[ added a test]
Acked-by: default avatarBen Pfaff <>
parent 4034cac0
......@@ -153,3 +153,33 @@ AT_CHECK([sed -n "
dnl ----------------------------------------------------------------------
AT_SETUP([ovs-vswitchd - do not create sockets with unsafe names])
# On Unix systems, test for sockets with "test -S".
# On Windows systems, we simulate a socket with a regular file that contains
# a TCP port number, so use "test -f" there instead.
if test $IS_WIN32 = yes; then
# Create a bridge with an ordinary name and make sure that the management
# socket gets creatd.
AT_CHECK([ovs-vsctl add-br a -- set bridge a datapath-type=dummy])
AT_CHECK([test -$S a.mgmt])
# Create a bridge with an unsafe name and make sure that the management
# socket does not get created.
mkdir b
AT_CHECK([ovs-vsctl add-br b/c -- set bridge b/c datapath-type=dummy], [0],
[], [ovs-vsctl: Error detected while setting up 'b/c'. See ovs-vswitchd log for details.
AT_CHECK([test ! -e b/c.mgmt])
OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d'])
......@@ -1671,6 +1671,7 @@ static void
add_del_bridges(const struct ovsrec_open_vswitch *cfg)
struct bridge *br, *next;
struct shash_node *node;
struct shash new_br;
size_t i;
......@@ -1701,8 +1702,8 @@ add_del_bridges(const struct ovsrec_open_vswitch *cfg)
/* Add new bridges. */
for (i = 0; i < cfg->n_bridges; i++) {
const struct ovsrec_bridge *br_cfg = cfg->bridges[i];
SHASH_FOR_EACH(node, &new_br) {
const struct ovsrec_bridge *br_cfg = node->data;
struct bridge *br = bridge_lookup(br_cfg->name);
if (!br) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment