[ovs-dev] 答复: [PATCH] conntrack: check the result of extract_l3_ipv4/6

Li,Rongqing lirongqing at baidu.com
Thu Aug 22 05:28:37 UTC 2019



发件人: Darrell Ball [mailto:dlu998 at gmail.com]
发送时间: 2019年8月22日 9:00
收件人: Ben Pfaff <blp at ovn.org>
抄送: Li,Rongqing <lirongqing at baidu.com>; ovs-dev at openvswitch.org
主题: Re: [ovs-dev] [PATCH] conntrack: check the result of extract_l3_ipv4/6



On Wed, Aug 21, 2019 at 3:13 PM Ben Pfaff <blp at ovn.org<mailto:blp at ovn.org>> wrote:
On Mon, Aug 19, 2019 at 08:35:11AM -0700, Darrell Ball wrote:
> Thanks for the patch
>
> On Sun, Aug 18, 2019 at 11:01 PM Li RongQing <lirongqing at baidu.com<mailto:lirongqing at baidu.com>> wrote:
>
> > the result of extract_l3_ipv4/6 should be checked in reverse_nat_packet
> > when it is false, meaning this packet is wrong, should not do handle it
> > continually
> >
> > Signed-off-by: Li RongQing <lirongqing at baidu.com<mailto:lirongqing at baidu.com>>
> > ---
> >  lib/conntrack.c | 17 +++++++++++++++--
> >  1 file changed, 15 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/conntrack.c b/lib/conntrack.c
> > index 5f60fea18..c26d5438c 100644
> > --- a/lib/conntrack.c
> > +++ b/lib/conntrack.c
> > @@ -695,11 +695,18 @@ reverse_nat_packet(struct dp_packet *pkt, const
> > struct conn *conn)
> >      uint16_t orig_l4_ofs = pkt->l4_ofs;
> >
> >      if (conn->key.dl_type == htons(ETH_TYPE_IP)) {
> > +        bool ok;
> >          struct ip_header *nh = dp_packet_l3(pkt);
> >          struct icmp_header *icmp = dp_packet_l4(pkt);
> >          struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1);
> > -        extract_l3_ipv4(&inner_key, inner_l3, tail - ((char *)inner_l3) -
> > pad,
> >
>
> There is intentionally no checking for success/fail here bcoz the packet
> has already
> been parsed and found to be ok during conn_key_extract() code path. Reusing
> the
> same api here is just convenient.

Maybe a comment would be warranted to make that clear.

that's reasonable; maybe RongQing would like to submit a patch ?


Ball:


I like you finish it, since you are more clear this codes.

Thanks

-RongQing


More information about the dev mailing list