-
Notifications
You must be signed in to change notification settings - Fork 4
P4 Specification Notes
According to the spec, reading a value from an uninitialized header results in an unspecified value. This does not seem like a good failure mechanism. Oops, we assigned a VLAN tag based on an undefined header value, and now we're leaking traffic from a protected network onto an unprotected one. Generally speaking, this presents the opportunity to fail open. It also means that an attacker can craft packets designed to induce uninitialized header access leading to fail-open scenarios. It seems like reading an uninitialized header value should cause a pipeline to abort processing the packet, effectively dropping it. Granted, this could lead to forms of DoS attacks, but that seems better than the unbounded behavior that results from unspecified values propagating through pipeline logic.
Related discussions