[ovs-dev] [patch v1] conntrack: Fix ICMPV4 error data L4 length check.

Vishal Deep Ajmera vishal.deep.ajmera at ericsson.com
Wed Aug 28 08:43:08 UTC 2019

That is interesting.
I just tried applying on top of tree and I see that git applies some changes (2 lines)
in extract_l4_icmp6() rather than the intended extract_l4_icmp() as in the patch I sent out.
My guess is that the surrounding lines are identical in the 2 functions and I had other
patches in the same branch shifting the patch downward, hence git applied the changes
to extract_l4_icmp6() rather than extract_l4_icmp().

I'll make the changes on a clean branch and resend.

Thanks. I applied this patch and it looks OK to me.

JTBC, the 8 byte ICMP error data L4 length restriction is only for V4.
ICMP6 does not have this restriction; see https://tools.ietf.org/html/rfc4443

In my opinion, we should limit the check to < 8 bytes even in case of ICMPv6, as that is all
that is required from the TCP header to extract port numbers, and it aligns with ICMPv4.
Especially because the RFC is not mandating a minimum size for the L4 header in case of ICMPv6.
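
The length check discussed in this thread, as an added example that is not part of the original message and is not Open vSwitch code: a parser for the packet quoted inside an ICMPv4 error that requires only 8 bytes of the inner L4 header, which is enough to read the TCP or UDP port numbers. The names `icmp4_err_inner_ports`, `build_sample` and the constants are hypothetical, and the sample packet is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_HDR_LEN    8   /* type, code, checksum, 4 unused bytes */
#define IP4_MIN_HDR_LEN 20
#define L4_MIN_IN_ERR   8   /* the 8-byte figure discussed in the thread */
struct inner_ports { uint8_t proto; uint16_t src, dst; };

/* Hypothetical helper. 'icmp' points at the ICMPv4 header of a message the
 * caller has already classified as an error; 'len' is the bytes available. */
static bool icmp4_err_inner_ports(const uint8_t *icmp, size_t len, struct inner_ports *out)
{
    if (len < ICMP_HDR_LEN + IP4_MIN_HDR_LEN) return false;
    const uint8_t *ip = icmp + ICMP_HDR_LEN;          /* quoted inner IPv4 header */
    size_t rem = len - ICMP_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* inner header length */
    if ((ip[0] >> 4) != 4 || ihl < IP4_MIN_HDR_LEN || ihl > rem) return false;
    if (ip[9] != 6 && ip[9] != 17) return false;      /* TCP or UDP only */
    if (rem - ihl < L4_MIN_IN_ERR) return false;      /* 8 bytes, not a full TCP header */
    const uint8_t *l4 = ip + ihl;
    out->proto = ip[9];
    out->src = (uint16_t)((l4[0] << 8) | l4[1]);      /* ports are the first 4 bytes */
    out->dst = (uint16_t)((l4[2] << 8) | l4[3]);
    return true;
}

/* Constructed sample: ICMPv4 destination-unreachable quoting an IPv4/TCP packet,
 * keeping only 'l4_bytes' (max 8) of the TCP header. Checksums are left zero. */
static size_t build_sample(uint8_t *buf, size_t l4_bytes)
{
    static const uint8_t pkt[36] = {
        3, 3, 0, 0, 0, 0, 0, 0,                        /* ICMP type 3, code 3 */
        0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 198, 51, 100, 2,
        0xc9, 0x3b, 0x01, 0xbb, 0, 0, 0, 1,            /* TCP 51515 -> 443, seq */
    };
    size_t n = ICMP_HDR_LEN + IP4_MIN_HDR_LEN + (l4_bytes > 8 ? 8 : l4_bytes);
    memcpy(buf, pkt, n);
    return n;
}

int main(void)
{
    uint8_t buf[36]; struct inner_ports p;
    for (size_t k = 7; k <= 8; k++) {
        bool ok = icmp4_err_inner_ports(buf, build_sample(buf, k), &p);
        printf("%zu L4 bytes: %s\n", k, ok ? "ports extracted" : "rejected");
    }
    return 0;
}
```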
