[ovs-git] [openvswitch/ovs] 8d29cd: conntrack: Check all addresses for ephemeral ports...

GitHub noreply at github.com
Thu Dec 27 18:23:58 UTC 2018


  Branch: refs/heads/branch-2.10
  Home:   https://github.com/openvswitch/ovs
  Commit: 8d29cdc0fdefe5d941381b2a8e748185f959f84f
      https://github.com/openvswitch/ovs/commit/8d29cdc0fdefe5d941381b2a8e748185f959f84f
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-12-27 (Thu, 27 Dec 2018)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Check all addresses for ephemeral ports.

When fallback to ephemeral ports triggers to find a NAT translation,
it may happen that the full address range is not explored; i.e. if
all ephemeral ports are being used for the address range >= the
first address checked and there are other addresses in the
available range, then they would not be explored for availability.
The likelihood of hitting this condition is rare. The fix is to
reset the first address to the minimum address when starting to
search ephemeral ports.  Found by inspection.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: f1ba82913a40e790f9a415febc4eb3efdb601264
      https://github.com/openvswitch/ovs/commit/f1ba82913a40e790f9a415febc4eb3efdb601264
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-12-27 (Thu, 27 Dec 2018)

  Changed paths:
    M lib/conntrack.c
    M lib/dpctl.man

  Log Message:
  -----------
  conntrack: Enforce conn_type for flush tuple.

The user should only reference a conntrack entry by the forward
direction context, as per 'conntrack_flush()', enforce this by
checking for 'default' conn_type.  The likelihood of a user
not using the original tuple is low, but it should be guarded
against, logged and documented.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/797d8b3b5637...f1ba82913a40
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list