tunnel: Validate IP header for userspace tunneling.
Currently, when doing userspace tunneling we don't perform much in
the way of integrity checks on the incoming IP header. The case of
tunneling is different from the usual case of switching since we are
acting as the endpoint here and should not allow invalid packets to
pass.
This adds checks for IP checksum, version, total length, and options and
drops packets that don't pass.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
projects / cascardo / ovs.git / commit