[ovs-git] [openvswitch/ovs] e917d3: conntrack: Fix fragmentation checks.

GitHub noreply at github.com
Thu Jul 5 20:43:52 UTC 2018 

  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: e917d3ee9a1953dc60d8643baeca83d2843518b8
      https://github.com/openvswitch/ovs/commit/e917d3ee9a1953dc60d8643baeca83d2843518b8
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/conntrack.c
    M tests/system-traffic.at

  Log Message:
  -----------
  conntrack: Fix fragmentation checks.

The ipv4 fragmentation check is broken and allows fragments through.
There were fragile and poorly maintainable checks in extract_l3_ipv*
designed to save a few cycles.  The checks make assumptions about what
sanity checks may have been done and could be skipped based on inferring
from the value of another paramater that should be unrelated (l4
pointer needing assignment).  Since the benefit is minimal, remove
the special checks and always do sanity checks.

Four tests are added to better maintain fragmentation support.

This needs backporting to 2.9.

Fixes: c8b1ad49da68("conntrack: Reorder sanity checks in extract_l3_ipvx().")
Fixes: a489b16854b5("conntrack: New userspace connection tracker.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>


  Commit: b21ac618e014f022ee77d62eaaf470154a250022
      https://github.com/openvswitch/ovs/commit/b21ac618e014f022ee77d62eaaf470154a250022
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M tests/system-kmod-macros.at
    M tests/system-traffic.at
    M tests/system-userspace-macros.at

  Log Message:
  -----------
  tests: Add more fragmentation tests.

Tests are added to cover out of order fragments, overlapping fragments
and multiple extension headers in the case of IPv6.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>


Compare: https://github.com/openvswitch/ovs/compare/cdc9a84ad2e3...b21ac618e014
      **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the git mailing list