[ovs-git] [openvswitch/ovs] fbc7b5: conntrack: Fix icmp error address sanity check.
GitHub
noreply at github.com
Tue Dec 12 19:41:14 UTC 2017
Branch: refs/heads/branch-2.6
Home: https://github.com/openvswitch/ovs
Commit: fbc7b5d9af5bcfc0cd4dc220293b96488573bd0a
https://github.com/openvswitch/ovs/commit/fbc7b5d9af5bcfc0cd4dc220293b96488573bd0a
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2017-12-12 (Tue, 12 Dec 2017)
Changed paths:
M lib/conntrack.c
Log Message:
-----------
conntrack: Fix icmp error address sanity check.
An address sanity check is done on icmp error packets to
check that the icmp error payload makes sense w.r.t. the
packet itself.
The sanity check was partially incorrect since it tried
to verify the source address of the error packet against the
original destination, which does not makes since the error
can be generated by any intermediate node.
Reported-by: wangzhike <wangzhike at jd.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html
Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at vmware.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: wangzhike <wangzhike at jd.com>
Co-authored-by: wangzhike <wangzhike at jd.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
More information about the git
mailing list