[ovs-dev] [PATCH branch-2.6 v2] conntrack: Fix ICMPv4 error data L4 length check.

Ben Pfaff blp at ovn.org
Mon Sep 30 20:33:21 UTC 2019


On Sun, Sep 29, 2019 at 04:11:27PM +0530, Vishal Deep Ajmera via dev wrote:
> From: Darrell Ball <dlu998 at gmail.com>
> 
> The ICMPv4 error data L4 length check was found to be too strict for TCP,
> expecting a minimum of 20 rather than 8 bytes.  This worked by
> hapenstance for other inner protocols.  The approach is to explicitly
> handle the ICMPv4 error data L4 length check and to do this for all
> supported inner protocols in the same way.  Making the code common
> between protocols also allows the existing ICMPv4 related UDP tests to
> cover TCP and ICMP inner protocol cases.
> Note that ICMPv6 does not have an 8 byte limit for error L4 data.
> 
> Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
> CC: Daniele Di Proietto <diproiettod at ovn.org>
> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
> Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>

Thanks, applied to branch-2.6.


More information about the dev mailing list