[ovs-git] [openvswitch/ovs] f276e7: conntrack: Fix icmp error address sanity check.

GitHub noreply at github.com
Mon Dec 11 22:42:34 UTC 2017


  Branch: refs/heads/branch-2.8
  Home:   https://github.com/openvswitch/ovs
  Commit: f276e791d6c843b186b13d8f8f2244ba72f45bf3
      https://github.com/openvswitch/ovs/commit/f276e791d6c843b186b13d8f8f2244ba72f45bf3
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2017-12-11 (Mon, 11 Dec 2017)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Fix icmp error address sanity check.

An address sanity check is done on icmp error packets to
check that the icmp error payload makes sense w.r.t. the
packet itself.

The sanity check was partially incorrect since it tried
to verify the source address of the error packet against the
original destination, which does not makes since the error
can be generated by any intermediate node.

Reported-by: wangzhike <wangzhike at jd.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html
Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at vmware.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: wangzhike <wangzhike at jd.com>
Co-authored-by: wangzhike <wangzhike at jd.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list