[ovs-git] [openvswitch/ovs] 898739: conntrack: Fix icmp error address sanity check.

GitHub noreply at github.com
Tue Dec 12 19:41:06 UTC 2017

  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: 898739743482600955697598ef02dea2f3e1b621
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2017-12-12 (Tue, 12 Dec 2017)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  conntrack: Fix icmp error address sanity check.

An address sanity check is done on icmp error packets to
check that the icmp error payload makes sense w.r.t. the
packet itself.

The sanity check was partially incorrect since it tried
to verify the source address of the error packet against the
original destination, which does not make sense since the error
can be generated by any intermediate node.

Reported-by: wangzhike <wangzhike at jd.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html
Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at vmware.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: wangzhike <wangzhike at jd.com>
Co-authored-by: wangzhike <wangzhike at jd.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
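
The address check discussed in the log message, as an added example that is not the code from lib/conntrack.c. It is IPv4 only, all function and constant names are hypothetical, and it assumes the part of the check that remains valid is "embedded source equals outer destination"; `strict` re-enables the extra comparison the message calls incorrect.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample addresses (documentation ranges), not from the commit. */
static const uint8_t HOST[4] = {192, 0, 2, 10}, PEER[4] = {203, 0, 113, 5};
static const uint8_t ROUTER[4] = {198, 51, 100, 1};

/* Find the embedded original IPv4 header of an ICMP error; false if absent. */
static bool find_inner(const uint8_t *pkt, size_t len, const uint8_t **in)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 1) return false;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 + 20) return false;
    uint8_t t = pkt[ihl];   /* 3, 4, 5, 11, 12 are the ICMP error types */
    if (t != 3 && t != 4 && t != 5 && t != 11 && t != 12) return false;
    *in = pkt + ihl + 8;    /* skip the 8-byte ICMP header */
    return ((*in)[0] >> 4) == 4;
}

/* strict=true: the old check, also requiring outer src == inner dst. */
bool icmp_err_addrs_ok(const uint8_t *pkt, size_t len, bool strict)
{
    const uint8_t *in;
    if (!find_inner(pkt, len, &in)) return false;
    if (memcmp(in + 12, pkt + 16, 4)) return false;    /* inner src vs outer dst */
    return !strict || !memcmp(in + 16, pkt + 12, 4);   /* inner dst vs outer src */
}

/* Constructed packet: time-exceeded error about HOST -> PEER (UDP),
 * sent by err_src and addressed to err_dst. */
bool check_sample(const uint8_t err_src[4], const uint8_t err_dst[4], bool strict)
{
    uint8_t b[48] = {0};
    b[0] = 0x45; b[9] = 1;                 /* outer: IPv4, ICMP */
    memcpy(b + 12, err_src, 4); memcpy(b + 16, err_dst, 4);
    b[20] = 11;                            /* ICMP type 11, time exceeded */
    b[28] = 0x45; b[37] = 17;              /* inner: IPv4, UDP */
    memcpy(b + 40, HOST, 4); memcpy(b + 44, PEER, 4);
    return icmp_err_addrs_ok(b, sizeof b, strict);
}

int main(void)
{
    printf("error from router: strict=%d relaxed=%d\n",
           check_sample(ROUTER, HOST, true), check_sample(ROUTER, HOST, false));
    return 0;
}
```

An error sent by an intermediate router fails the strict variant and passes the relaxed one, while an error whose outer destination does not match the embedded source is rejected by both.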
