ofagent: Fix a possible crash in arp responder

Be careful for exceptions when feeding packet-in data,
which is generated by tenant VMs and thus can not be trusted,
to Ryu packet library.

Closes-Bug: #1365255
Change-Id: Ia8bacfb55def563a1b23a47709ae72bd4fce0fce

diff --git a/neutron/plugins/ofagent/agent/arp_lib.py b/neutron/plugins/ofagent/agent/arp_lib.py
index c83e94352874e1bbed1238eb7fb634400b35ccf3..e97394dc2a325cebb65f9e2c68a35ed2cbdce939 100644 (file)
--- a/neutron/plugins/ofagent/agent/arp_lib.py
+++ b/neutron/plugins/ofagent/agent/arp_lib.py
@@ -143,7 +143,13 @@ class ArpLib(object):
         ofp = datapath.ofproto
         port = msg.match['in_port']
         metadata = msg.match.get('metadata')
-        pkt = packet.Packet(msg.data)
+        # NOTE(yamamoto): Ryu packet library can raise various exceptions
+        # on a corrupted packet.
+        try:
+            pkt = packet.Packet(msg.data)
+        except Exception as e:
+            LOG.info(_LI("Unparsable packet: got exception %s"), e)
+            return
         LOG.info(_LI("packet-in dpid %(dpid)s in_port %(port)s pkt %(pkt)s"),
                  {'dpid': dpid_lib.dpid_to_str(datapath.id),
                  'port': port, 'pkt': pkt})

diff --git a/neutron/tests/unit/ofagent/test_arp_lib.py b/neutron/tests/unit/ofagent/test_arp_lib.py
index a0b0dcdafc31a75800dc427739e37244576ef849..27dc8b28b95a3ba1491753021623047a0005d4ae 100644 (file)
--- a/neutron/tests/unit/ofagent/test_arp_lib.py
+++ b/neutron/tests/unit/ofagent/test_arp_lib.py
@@ -289,6 +289,11 @@ class TestArpLib(OFAAgentTestCase):
         self._fake_get_protocol_arp = False
         self._test_packet_in_handler_drop()
 
+    def test_packet_in_handler_corrupted(self):
+        mock.patch('ryu.lib.packet.packet.Packet',
+                   side_effect=ValueError).start()
+        self._test_packet_in_handler_drop()
+
     def test_packet_in_handler_unknown_network(self):
         self.arplib._arp_tbl = {
             self.nets[0].net: {self.nets[0].ip: self.nets[0].mac}}