summaryrefslogtreecommitdiff
path: root/Documentation/security
diff options
context:
space:
mode:
authorSimon Horman <horms@verge.net.au>2014-07-21 15:12:34 -0700
committerPravin B Shelar <pshelar@nicira.com>2014-07-24 09:37:21 -0700
commit651887b0c22cffcfce7eb9c29ee23ffb105bdb0b (patch)
tree61cd1dcb4c6f8a2a109d04c30b22a38bda09a428 /Documentation/security
parentf53e38317d581399eb67809d6b6b6c2c107db50c (diff)
openvswitch: Sample action without side effects
The sample action is rather generic, allowing arbitrary actions to be executed based on a probability. However its use, within the Open vSwitch code-base is limited: only a single user-space action is ever nested. A consequence of the current implementation of sample actions is that depending on weather the sample action executed (due to its probability) any side-effects of nested actions may or may not be present before executing subsequent actions. This has the potential to complicate verification of valid actions by the (kernel) datapath. And indeed adding support for push and pop MPLS actions inside sample actions is one case where such case. In order to allow all supported actions to be continue to be nested inside sample actions without the potential need for complex verification code this patch changes the implementation of the sample action in the kernel datapath so that sample actions are more like a function call and any side effects of nested actions are not present when executing subsequent actions. With the above in mind the motivation for this change is twofold: * To contain side-effects the sample action in the hope of making it easier to deal with in the future and; * To avoid some rather complex verification code introduced in the MPLS datapath patch. Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Diffstat (limited to 'Documentation/security')
0 files changed, 0 insertions, 0 deletions