On Tue, Dec 10, 2019 at 09:05:58AM -0500, Michael S. Tsirkin wrote:
> On Fri, Dec 06, 2019 at 03:39:12PM +0100, Stefano Garzarella wrote:
> > When we receive a new packet from the guest, we check if the
> > src_cid is correct, but we forgot to check the dst_cid.
> >
> > The host should accept only packets where dst_cid is
> > equal to the host CID.
> >
> > Signed-off-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
>
> what's the implication of processing incorrect dst cid?
> I think mostly it's malformed guests, right?

Exactly, as for the src_cid. In both cases the packet may be delivered
to the wrong socket in the host, because in the virtio_transport_recv_pkt()
we are using the src_cid and dst_cid to look for the socket where to queue
the packet.

> Everyone else just passes the known host cid ...

Yes, good guests should do it, and we do it :-)

Thanks,
Stefano