[ovs-dev] [patch v1] conntrack: Fix icmp error address sanity check.
Ben Pfaff
blp at ovn.org
Mon Dec 11 22:27:20 UTC 2017
It fails to apply due to conflicts in system-traffic.at. Is it safe to
drop that change and apply the rest?
On Mon, Dec 11, 2017 at 10:22:39PM +0000, Darrell Ball wrote:
> Needs to go back to 2.6; at least the changes in lib/conntrack.c
>
> Thanks Darrell
>
> On 12/11/17, 2:20 PM, "ovs-dev-bounces at openvswitch.org on behalf of Ben Pfaff" <ovs-dev-bounces at openvswitch.org on behalf of blp at ovn.org> wrote:
>
> On Wed, Dec 06, 2017 at 06:04:20PM -0800, Darrell Ball wrote:
> > An address sanity check is done on icmp error packets to
> > check that the icmp error payload makes sense w.r.t. the
> > packet itself.
> >
> > The sanity check was partially incorrect since it tried
> > to verify the source address of the error packet against the
> > original destination, which does not makes since the error
> > can be generated by any intermediate node.
> >
> > Reported-by: wangzhike <wangzhike at jd.com>
> > Reported-at: https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Ddev_2017-2DDecember_341609.html&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=1wKg_9t4kVTzgXsNG4PwRgPDVzKsu1POFWnH6x-eX-U&e=
> > Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
> > CC: Daniele Di Proietto <diproiettod at vmware.com>
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > Signed-off-by: wangzhike <wangzhike at jd.com>
> > Co-authored-by: wangzhike <wangzhike at jd.com>
>
> Thanks Darrell and wangzhike, I applied this to master.
>
> Let me know if this or the other series I recently applied needs
> backporting.
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=DzvbErqrp1sqYj50u5y8oMwBgVZVFjUdhRitCukx98c&e=
>
>
More information about the dev
mailing list