[ovs-dev] [PATCH v2 net] openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len

David Miller davem at davemloft.net
Wed Jun 24 21:35:40 UTC 2020


From: Lorenzo Bianconi <lorenzo at kernel.org>
Date: Tue, 23 Jun 2020 18:33:15 +0200

> ovs connection tracking module performs de-fragmentation on incoming
> fragmented traffic. Take info account if traffic has been de-fragmented
> in execute_check_pkt_len action otherwise we will perform the wrong
> nested action considering the original packet size. This issue typically
> occurs if ovs-vswitchd adds a rule in the pipeline that requires connection
> tracking (e.g. OVN stateful ACLs) before execute_check_pkt_len action.
> Moreover take into account GSO fragment size for GSO packet in
> execute_check_pkt_len routine
> 
> Fixes: 4d5ec89fc8d14 ("net: openvswitch: Add a new action check_pkt_len")
> Signed-off-by: Lorenzo Bianconi <lorenzo at kernel.org>

Applied and queued up for -stable, thank you.


More information about the dev mailing list