From patchwork Mon Sep 30 20:50:34 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Valerio <pvalerio@redhat.com>
X-Patchwork-Id: 1991197
X-Patchwork-Delegate: aconole@redhat.com
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=AkH7sOkp;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4XHYCF4kjkz1xsv
	for <incoming@patchwork.ozlabs.org>; Tue,  1 Oct 2024 06:51:37 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 9B9786079F;
	Mon, 30 Sep 2024 20:51:35 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id 7ngJQu_ptDc9; Mon, 30 Sep 2024 20:51:32 +0000 (UTC)
X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56;
 helo=lists.linuxfoundation.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5472760767
Authentication-Results: smtp3.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=AkH7sOkp
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp3.osuosl.org (Postfix) with ESMTPS id 5472760767;
	Mon, 30 Sep 2024 20:51:30 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 823B7C0894;
	Mon, 30 Sep 2024 20:51:30 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 0B188C002B
 for <ovs-dev@openvswitch.org>; Mon, 30 Sep 2024 20:51:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id F0EC5802CC
 for <ovs-dev@openvswitch.org>; Mon, 30 Sep 2024 20:51:25 +0000 (UTC)
X-Virus-Scanned: amavis at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id oA_me5jbSL2j for <ovs-dev@openvswitch.org>;
 Mon, 30 Sep 2024 20:51:25 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pvalerio@redhat.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 000C980AB6
Authentication-Results: smtp1.osuosl.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 000C980AB6
Authentication-Results: smtp1.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=AkH7sOkp
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 000C980AB6
 for <ovs-dev@openvswitch.org>; Mon, 30 Sep 2024 20:51:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1727729483;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=17qnUoQyMYZkX3gCPBj7d3ZIcGpCgwjuI/FZFb0+1ms=;
 b=AkH7sOkpqr9zIZq3T+Nv6gYRuWGOps0W6VdoDTeLp7zpaXcCFVcMng++C9kthLSTp9QzFa
 0a7yahu6N/Z28ydRnt4pzxgiIMsgY6UnJl3kOqClAVZhv6du9z98Jaj+S1UXLIofdNBEWV
 65F0kiP+n1u3a2dEQ1kcPO9Iq1djNSE=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
 [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-331-1q7xJb0QNGuk2cEXOgIIgA-1; Mon, 30 Sep 2024 16:51:22 -0400
X-MC-Unique: 1q7xJb0QNGuk2cEXOgIIgA-1
Received: by mail-wm1-f71.google.com with SMTP id
 5b1f17b1804b1-42e77b5d3dcso31673485e9.1
 for <ovs-dev@openvswitch.org>; Mon, 30 Sep 2024 13:51:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1727729480; x=1728334280;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=17qnUoQyMYZkX3gCPBj7d3ZIcGpCgwjuI/FZFb0+1ms=;
 b=k0k90ijqHKfuLM0VBYcRfPqG0kz50au3+RFND2dlxTK2eePw6o8cVsBOJ1JJ93kgGv
 RocmWn1vL+F5LgSfnufvPU+5gesFw/HDkMehCKy9suwoHGuQxV5mmgk/aHdGoQANQcgS
 w4o9qdBUS8/a6uheT5HhVCmeZQiu3aDu+4ziQPcC4ifvlI2VJcD8SNsLjgiOixQ6NBU5
 iZrngbPNGMpmvGkusBaCeP0GErUhpmottIPj3nT/U/gsFxqQM1rnBjy5zcfja9fheEU3
 XmLpXNZQV/0XJUos+dUQp79Y1PNiKkFy3Bzt2JwOCULq89b4k6S9lmiBCOTXy6HhK2PJ
 qcpQ==
X-Gm-Message-State: AOJu0YzAcSq5HoL/GCbPnEd6Gu0nwmqa5F5bHigSY8VLuanBLkebyDOq
 t632IDyzcwj0ksGDQoS4fcNfpx7iaATEufHJmDr5ov3fcTZsmy/cPMq57GdFxU0uObj3/aGxuOU
 fWIGalZuULfUVYjrhXRiEHOyBrxsYEgqof+/LJcLTLG5Crhw1NBtW05r1Z0703RqMABYjdywdDx
 2aTXzDyAaonJcudTujKQLuGPCIdHnZIZkUQhRxoO4=
X-Received: by 2002:a05:600c:4751:b0:42c:bf94:f9a6 with SMTP id
 5b1f17b1804b1-42f58485d75mr94529355e9.26.1727729480217;
 Mon, 30 Sep 2024 13:51:20 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IE9thUoHZ9XRW+hxFOmEvvg4d9MU2VNd2+v25ZfuXAy3ZW+TECsCOTvGL0T6eNMJol/FR1CnA==
X-Received: by 2002:a05:600c:4751:b0:42c:bf94:f9a6 with SMTP id
 5b1f17b1804b1-42f58485d75mr94529235e9.26.1727729479673;
 Mon, 30 Sep 2024 13:51:19 -0700 (PDT)
Received: from localhost (net-188-216-80-179.cust.vodafonedsl.it.
 [188.216.80.179]) by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-42e969f23d5sm166123785e9.13.2024.09.30.13.51.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 30 Sep 2024 13:51:19 -0700 (PDT)
From: Paolo Valerio <pvalerio@redhat.com>
To: ovs-dev@openvswitch.org
Date: Mon, 30 Sep 2024 22:50:34 +0200
Message-ID: <20240930205034.65484-6-pvalerio@redhat.com>
X-Mailer: git-send-email 2.46.1
In-Reply-To: <20240930205034.65484-1-pvalerio@redhat.com>
References: <20240930205034.65484-1-pvalerio@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH v2 6/6] dpctl: Do not allow out of range values in
 ct-set-limits.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

The ovs_scan() doesn't enforce in-range values and so
lsbits are stored in case of out-of-range or negative values.

This way negative or values greater than MAX_UINT32 for "default" are
all accepted in dpctl_ct_set_limits(), but they will eventually be
casted to uint32_t, whereas for zones all the values above are
considered invalid.

Align their behaviors and extend the tests for checking values out of
the range.

Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
---
 lib/dpctl.c             |  5 +++--
 tests/system-traffic.at | 42 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/lib/dpctl.c b/lib/dpctl.c
index 77bf4bf53..2a700f24a 100644
--- a/lib/dpctl.c
+++ b/lib/dpctl.c
@@ -2169,8 +2169,8 @@ dpctl_ct_set_limits(int argc, const char *argv[],
     struct ovs_list zone_limits = OVS_LIST_INITIALIZER(&zone_limits);
     int i =  dp_arg_exists(argc, argv) ? 2 : 1;
     struct ds ds = DS_EMPTY_INITIALIZER;
+    unsigned long long default_limit;
     struct dpif *dpif = NULL;
-    uint32_t default_limit;
     int error;
 
     if (i >= argc) {
@@ -2186,7 +2186,8 @@ dpctl_ct_set_limits(int argc, const char *argv[],
 
     /* Parse default limit */
     if (!strncmp(argv[i], "default=", 8)) {
-        if (ovs_scan(argv[i], "default=%"SCNu32, &default_limit)) {
+        if (str_to_ullong(argv[i] + 8, 10, &default_limit) &&
+            default_limit <= UINT32_MAX) {
             ct_dpif_push_zone_limit(&zone_limits, OVS_ZONE_LIMIT_DEFAULT_ZONE,
                                     default_limit, 0);
             i++;
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index fe115d92b..bcb08b0e8 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -5686,12 +5686,54 @@ priority=100,in_port=2,udp,action=ct(zone=3,commit),1
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
 
+dnl Test values out of range for the default limit.
+dnl Try to set a negative value.
+AT_CHECK([ovs-appctl dpctl/ct-set-limits default=-1], [2], [ignore], [dnl
+ovs-vswitchd: invalid default limit (Invalid argument)
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+
+dnl Try to set UINT32_MAX.
+AT_CHECK([ovs-appctl dpctl/ct-set-limits default=4294967296], [2], [ignore], [dnl
+ovs-vswitchd: invalid default limit (Invalid argument)
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+
+dnl Same range checks for zones.
+AT_CHECK([ovs-appctl dpctl/ct-set-limits zone=1,limit=-1], [2], [ignore], [dnl
+ovs-vswitchd: failed to parse field limit (Invalid argument)
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+
+AT_CHECK([ovs-appctl dpctl/ct-set-limits zone=1,limit=4294967296], [2], [ignore], [dnl
+ovs-vswitchd: failed to parse field limit (Invalid argument)
+ovs-appctl: ovs-vswitchd: server returned an error
+])
+
+dnl Double check no limits have been applied.
+AT_CHECK([ovs-appctl dpctl/ct-get-limits], [],[dnl
+default limit=0
+])
+
 m4_define([UDP_PKT], [m4_join([,],
   [eth_src=50:54:00:00:00:0$1,eth_dst=50:54:00:00:00:0$2,dl_type=0x0800],
   [nw_src=10.1.1.$1,nw_dst=10.1.1.$2],
   [nw_proto=17,nw_ttl=64,nw_frag=no],
   [udp_src=1,udp_dst=$3])])
 
+AT_CHECK([ovs-appctl dpctl/ct-set-limits zone=1,limit=0])
+pkt=$(ovs-ofctl compose-packet --bare "UDP_PKT([1], [2], [2])")
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=${pkt} actions=resubmit(,0)"])
+
+dnl Double check the zl entry exists but no connection was added.
+AT_CHECK([ovs-appctl dpctl/ct-get-limits], [],[dnl
+default limit=0
+zone=1,limit=0,count=0
+])
+
+dnl Remove limit for zone=1.
+AT_CHECK([ovs-appctl dpctl/ct-del-limits zone=1])
+
 AT_CHECK([ovs-appctl dpctl/ct-set-limits default=3])
 AT_CHECK([ovs-appctl dpctl/ct-get-limits], [],[dnl
 default limit=3