[ovs-dev] [patch v2] conntrack: Fix ICMPv4 error data L4 length check.

Darrell Ball dlu998 at gmail.com
Thu Aug 29 16:56:26 UTC 2019


On Thu, Aug 29, 2019 at 7:37 AM Ben Pfaff <blp at ovn.org> wrote:

> On Tue, Aug 27, 2019 at 04:59:02PM -0700, Darrell Ball wrote:
> > The ICMPv4 error data L4 length check was found to be too strict for TCP,
> > expecting a minimum of 20 rather than 8 bytes.  This worked by
> > hapenstance for other inner protocols.  The approach is to explicitly
> > handle the ICMPv4 error data L4 length check and to do this for all
> > supported inner protocols in the same way.  Making the code common
> > between protocols also allows the existing ICMPv4 related UDP tests to
> > cover TCP and ICMP inner protocol cases.
> > Note that ICMPv6 does not have an 8 byte limit for error L4 data.
> >
> > Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
> > CC: Daniele Di Proietto <diproiettod at ovn.org>
> > Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
> > Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> > Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> > Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
>
> Thanks, applied to master and branch-2.12.
>

Thanks
This is eligible to go back to 2.6; it should apply cleanly back to 2.9; I
can look into the remaining ones,
unless Vishal would like to do those.


More information about the dev mailing list