[ovs-git] [openvswitch/ovs] a81da0: conntrack: Fix icmp error address sanity check.
GitHub
noreply at github.com
Mon Dec 11 22:19:25 UTC 2017
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: a81da080574295ffeb8445723ee15902ae90aa10
https://github.com/openvswitch/ovs/commit/a81da080574295ffeb8445723ee15902ae90aa10
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2017-12-11 (Mon, 11 Dec 2017)
Changed paths:
M lib/conntrack.c
M tests/system-traffic.at
Log Message:
-----------
conntrack: Fix icmp error address sanity check.
An address sanity check is done on icmp error packets to
check that the icmp error payload makes sense w.r.t. the
packet itself.
The sanity check was partially incorrect since it tried
to verify the source address of the error packet against the
original destination, which does not makes since the error
can be generated by any intermediate node.
Reported-by: wangzhike <wangzhike at jd.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html
Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at vmware.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: wangzhike <wangzhike at jd.com>
Co-authored-by: wangzhike <wangzhike at jd.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
More information about the git
mailing list