[ovs-dev] [patch v6 2/3] conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
Ben Pfaff
blp at ovn.org
Fri Mar 15 22:58:32 UTC 2019
On Fri, Mar 15, 2019 at 03:01:19PM -0700, Darrell Ball wrote:
> When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
> protect against possible address overlap with 'default
> conns' during a DOS attempt. This is very unlikely, but
> protection is simple.
>
> Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> ---
>
> This patch is targeted for earlier releases as new RCU patches
> inherently don't have this race.
>
> Backport to 2.8.
Applied to master, 2.11, 2.10.
More information about the dev
mailing list