
Commit 3661c068 authored by Daniele Di Proietto

bridge: Do not add bridges with '/' in name.

This effectively stops vswitchd from creating bridges with '/' in the
name. OVS used to print a warning but the bridge was created anyway.

This restriction is implemented because the bridge name is part of a
filesystem path.

This check is no substitute for Mandatory Access Control, but it
certainly helps to catch the error early.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
[blp@ovn.org added a test]
Acked-by: Ben Pfaff <blp@ovn.org>
parent 4034cac0
...@@ -153,3 +153,33 @@ AT_CHECK([sed -n " ...@@ -153,3 +153,33 @@ AT_CHECK([sed -n "
]) ])
AT_CLEANUP AT_CLEANUP
dnl ----------------------------------------------------------------------
AT_SETUP([ovs-vswitchd - do not create sockets with unsafe names])
OVS_VSWITCHD_START
# On Unix systems, test for sockets with "test -S".
#
# On Windows systems, we simulate a socket with a regular file that contains
# a TCP port number, so use "test -f" there instead.
if test $IS_WIN32 = yes; then
S=f
else
S=S
fi
# Create a bridge with an ordinary name and make sure that the management
# socket gets creatd.
AT_CHECK([ovs-vsctl add-br a -- set bridge a datapath-type=dummy])
AT_CHECK([test -$S a.mgmt])
# Create a bridge with an unsafe name and make sure that the management
# socket does not get created.
mkdir b
AT_CHECK([ovs-vsctl add-br b/c -- set bridge b/c datapath-type=dummy], [0],
[], [ovs-vsctl: Error detected while setting up 'b/c'. See ovs-vswitchd log for details.
])
AT_CHECK([test ! -e b/c.mgmt])
OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d'])
AT_CLEANUP
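Review bot: The unsafe-name case only asserts that `b/c.mgmt` is absent, while `OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d'])` filters out the one log line that shows why, so the test would also pass if the socket were missing for an unrelated reason. Consider asserting that the ovs-vswitchd log contains "ignoring bridge with invalid name" before stopping the daemon. Two smaller points: `test $IS_WIN32 = yes` fails with a test error when the variable is unset or empty, so quote it as `test "$IS_WIN32" = yes`; and the comment above the first `add-br` reads "creatd" for "created".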
...@@ -1671,6 +1671,7 @@ static void ...@@ -1671,6 +1671,7 @@ static void
add_del_bridges(const struct ovsrec_open_vswitch *cfg) add_del_bridges(const struct ovsrec_open_vswitch *cfg)
{ {
struct bridge *br, *next; struct bridge *br, *next;
struct shash_node *node;
struct shash new_br; struct shash new_br;
size_t i; size_t i;
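Review bot: `size_t i;` stays in the declarations next to the new `struct shash_node *node;`, but the `for (i = 0; i < cfg->n_bridges; i++)` loop that used it is replaced in the following hunk. Check that `i` still has a user elsewhere in `add_del_bridges()`; if it does not, drop the declaration to avoid an unused-variable warning.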
...@@ -1701,8 +1702,8 @@ add_del_bridges(const struct ovsrec_open_vswitch *cfg) ...@@ -1701,8 +1702,8 @@ add_del_bridges(const struct ovsrec_open_vswitch *cfg)
} }
/* Add new bridges. */ /* Add new bridges. */
for (i = 0; i < cfg->n_bridges; i++) { SHASH_FOR_EACH(node, &new_br) {
const struct ovsrec_bridge *br_cfg = cfg->bridges[i]; const struct ovsrec_bridge *br_cfg = node->data;
struct bridge *br = bridge_lookup(br_cfg->name); struct bridge *br = bridge_lookup(br_cfg->name);
if (!br) { if (!br) {
bridge_create(br_cfg); bridge_create(br_cfg);
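Review bot: The "Add new bridges" loop now depends on `new_br` holding only the bridges that passed name validation, but nothing at `SHASH_FOR_EACH(node, &new_br)` says so, and `node->data` is assigned to `const struct ovsrec_bridge *` with no hint of what was stored there. Add a short comment above the loop stating that `new_br` contains the filtered `ovsrec_bridge` rows, so that a later change back to iterating `cfg->bridges` does not silently reintroduce bridges with '/' in the name. The change also moves bridge creation from configuration order to hash order; it is worth confirming that nothing relies on the old order.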
......