[ovs-dev] [patch v1] conntrack: Fix icmp error address sanity check.

Darrell Ball dball at vmware.com
Tue Dec 12 02:13:31 UTC 2017


I sent a V2 here
https://patchwork.ozlabs.org/patch/847315/

an extra signoff had snuck into v1

Thanks Darrell

On 12/11/17, 5:22 PM, "Darrell Ball" <dball at vmware.com> wrote:

    Ben
    I sent a 2.7 patch here:
    
    https://patchwork.ozlabs.org/patch/847308/
    
    it should be applicable for 2.6 as well.
    
    Thanks Darrell
    
    
    On 12/11/17, 2:43 PM, "Ben Pfaff" <blp at ovn.org> wrote:
    
        OK, I made that change and applied it to branch-2.8.  It didn't apply
        cleanly to 2.7 or 2.6, can you look at that?
        
        On Mon, Dec 11, 2017 at 10:28:32PM +0000, Darrell Ball wrote:
        > Yes, it is Ben
        > 
        > Thanks Darrell
        > 
        > On 12/11/17, 2:27 PM, "Ben Pfaff" <blp at ovn.org> wrote:
        > 
        >     It fails to apply due to conflicts in system-traffic.at.  Is it safe to
        >     drop that change and apply the rest?
        >     
        >     On Mon, Dec 11, 2017 at 10:22:39PM +0000, Darrell Ball wrote:
        >     > Needs to go back to 2.6; at least the changes in lib/conntrack.c
        >     > 
        >     > Thanks Darrell
        >     > 
        >     > On 12/11/17, 2:20 PM, "ovs-dev-bounces at openvswitch.org on behalf of Ben Pfaff" <ovs-dev-bounces at openvswitch.org on behalf of blp at ovn.org> wrote:
        >     > 
        >     >     On Wed, Dec 06, 2017 at 06:04:20PM -0800, Darrell Ball wrote:
        >     >     > An address sanity check is done on icmp error packets to
        >     >     > check that the icmp error payload makes sense w.r.t. the
        >     >     > packet itself.
        >     >     > 
        >     >     > The sanity check was partially incorrect since it tried
        >     >     > to verify the source address of the error packet against the
        >     >     > original destination, which does not makes since the error
        >     >     > can be generated by any intermediate node.
        >     >     > 
        >     >     > Reported-by: wangzhike <wangzhike at jd.com>
        >     >     > Reported-at: https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_pipermail_ovs-2Ddev_2017-2DDecember_341609.html&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=1wKg_9t4kVTzgXsNG4PwRgPDVzKsu1POFWnH6x-eX-U&e=
        >     >     > Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
        >     >     > CC: Daniele Di Proietto <diproiettod at vmware.com>
        >     >     > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
        >     >     > Signed-off-by: wangzhike <wangzhike at jd.com>
        >     >     > Co-authored-by: wangzhike <wangzhike at jd.com>
        >     >     
        >     >     Thanks Darrell and wangzhike, I applied this to master.
        >     >     
        >     >     Let me know if this or the other series I recently applied needs
        >     >     backporting.
        >     >     _______________________________________________
        >     >     dev mailing list
        >     >     dev at openvswitch.org
        >     >     https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=C2QYD5JosF5j-X3I7nmikMajbKHF9WqhgGQZdigkYP8&s=DzvbErqrp1sqYj50u5y8oMwBgVZVFjUdhRitCukx98c&e=
        >     >     
        >     > 
        >     
        > 
        
    
    



More information about the dev mailing list