[ovs-dev] [patch v1] conntrack: Fix icmp error address sanity check.

Ben Pfaff blp at ovn.org
Mon Dec 11 22:27:20 UTC 2017 

It fails to apply due to conflicts in system-traffic.at.  Is it safe to
drop that change and apply the rest?

On Mon, Dec 11, 2017 at 10:22:39PM +0000, Darrell Ball wrote:
> Needs to go back to 2.6; at least the changes in lib/conntrack.c
> 
> Thanks Darrell
> 
> On 12/11/17, 2:20 PM, "ovs-dev-bounces at openvswitch.org on behalf of Ben Pfaff" <ovs-dev-bounces at openvswitch.org on behalf of blp at ovn.org> wrote:
> 
>     On Wed, Dec 06, 2017 at 06:04:20PM -0800, Darrell Ball wrote:
>     > An address sanity check is done on icmp error packets to
>     > check that the icmp error payload makes sense w.r.t. the
>     > packet itself.
>     > 
>     > The sanity check was partially incorrect since it tried
>     > to verify the source address of the error packet against the
>     > original destination, which does not makes since the error
>     > can be generated by any intermediate node.
>     > 
>     > Reported-by: wangzhike <wangzhike at jd.com>
>     > Reported-at: https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Ddev_2017-2DDecember_341609.html&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=1wKg_9t4kVTzgXsNG4PwRgPDVzKsu1POFWnH6x-eX-U&e=
>     > Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
>     > CC: Daniele Di Proietto <diproiettod at vmware.com>
>     > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
>     > Signed-off-by: wangzhike <wangzhike at jd.com>
>     > Co-authored-by: wangzhike <wangzhike at jd.com>
>     
>     Thanks Darrell and wangzhike, I applied this to master.
>     
>     Let me know if this or the other series I recently applied needs
>     backporting.
>     _______________________________________________
>     dev mailing list
>     dev at openvswitch.org
>     https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=DzvbErqrp1sqYj50u5y8oMwBgVZVFjUdhRitCukx98c&e=
>     
>

More information about the dev mailing list