[ovs-dev] [patch v1] conntrack: Fix ICMPV4 error data L4 length check.
Vishal Deep Ajmera
vishal.deep.ajmera at ericsson.com
Tue Aug 27 09:02:05 UTC 2019
Thanks for the patch. When I applied the patch to the latest master,
I see that we take care of the length check (< 8) only for ICMPv6 and
not for ICMPv4. We need to do it for ICMPv4 as well.

Also, we are already using 'related' to skip or not to skip the length check.

    * If 'related' is NULL, it means that we're already parsing a header nested
    * in an ICMP error. In this case, we skip checksum and length validation.

However, we continue to validate length in extract_l4_tcp (<8 or <20).
I understand that the check for a minimum 8-byte header is needed to make
sure we can extract TCP port numbers.

Can we instead try to converge all checks at one place and still take care
of the nested header? In my opinion it will simplify the code.
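
The converged check suggested in the message above, as an added example that is not code from OVS conntrack.c or from the patch under review. All names (`l4_min_len`, `extract_l4_ports`, `struct l4_ports`, the `PROTO_*` constants) are hypothetical; it assumes a nested header needs 8 bytes and a top-level TCP header 20, the two limits the message mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; none of this is OVS code. */
enum { PROTO_TCP = 6, PROTO_UDP = 17 };
#define NESTED_L4_MIN 8   /* RFC 792: an ICMP error carries 64 bits of the original L4 data */
#define TCP_HDR_MIN   20
#define UDP_HDR_LEN   8

struct l4_ports { uint16_t src, dst; };

/* The single place that decides how many L4 bytes must be present.
 * 'nested' is true when parsing the header embedded in an ICMP error. */
static size_t
l4_min_len(uint8_t proto, bool nested)
{
    if (nested) {
        return NESTED_L4_MIN;       /* enough to read the port numbers */
    }
    switch (proto) {
    case PROTO_TCP: return TCP_HDR_MIN;
    case PROTO_UDP: return UDP_HDR_LEN;
    default:        return SIZE_MAX;  /* unknown protocol: always too short */
    }
}

/* Read the ports only after the one length check above has passed. */
static bool
extract_l4_ports(uint8_t proto, const uint8_t *data, size_t size,
                 bool nested, struct l4_ports *out)
{
    if (!data || !out || size < l4_min_len(proto, nested)) {
        return false;
    }
    out->src = (uint16_t) (data[0] << 8 | data[1]);  /* network byte order */
    out->dst = (uint16_t) (data[2] << 8 | data[3]);
    return true;
}

int
main(void)
{
    /* Constructed sample: first bytes of a TCP header, ports 8080 -> 80. */
    const uint8_t seg[20] = { 0x1f, 0x90, 0x00, 0x50 };
    struct l4_ports p = { 0, 0 };
    printf("nested, 8 bytes: %d\n", extract_l4_ports(PROTO_TCP, seg, 8, true, &p));
    printf("nested, 7 bytes: %d\n", extract_l4_ports(PROTO_TCP, seg, 7, true, &p));
    printf("top-level, 8 bytes: %d\n", extract_l4_ports(PROTO_TCP, seg, 8, false, &p));
    return 0;
}
```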