[ovs-git] [openvswitch/ovs] 171629: conntrack: Fix fragmentation checks.

GitHub noreply at github.com
Thu Jul 5 20:57:52 UTC 2018

  Branch: refs/heads/branch-2.9
  Home:   https://github.com/openvswitch/ovs
  Commit: 171629246aac346879aca6bf1f90079f1b9a602c
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2018-07-05 (Thu, 05 Jul 2018)

  Changed paths:
    M lib/conntrack.c
    M tests/system-traffic.at

  Log Message:
  conntrack: Fix fragmentation checks.

The ipv4 fragmentation check is broken and allows fragments through.
There were fragile and poorly maintainable checks in extract_l3_ipv*
designed to save a few cycles.  The checks make assumptions about what
sanity checks may have been done and could be skipped based on inferring
from the value of another parameter that should be unrelated (l4
pointer needing assignment).  Since the benefit is minimal, remove
the special checks and always do sanity checks.

Four tests are added to better maintain fragmentation support.

This needs backporting to 2.9.

Fixes: c8b1ad49da68("conntrack: Reorder sanity checks in extract_l3_ipvx().")
Fixes: a489b16854b5("conntrack: New userspace connection tracker.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
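
The principle in the log message, as an added example that is not the OVS code from this commit: the IPv4 sanity and fragment checks run on every call, whether or not the caller asks for the L4 pointer. The names `classify_ipv4`, `make_ipv4` and `l3_verdict` are hypothetical, and the packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR 20
#define IPV4_MF      0x2000u  /* "more fragments" flag */
#define IPV4_OFFMASK 0x1fffu  /* fragment offset, in 8-byte units */

enum l3_verdict { L3_OK, L3_MALFORMED, L3_FRAGMENT };

/* Hypothetical helper (not an OVS function): validate an IPv4 header and
 * report fragments. Every check runs whether or not 'l4' is NULL. */
enum l3_verdict classify_ipv4(const uint8_t *data, size_t size, const uint8_t **l4)
{
    if (size < IPV4_MIN_HDR || (data[0] >> 4) != 4) {
        return L3_MALFORMED;
    }
    size_t ihl = (size_t)(data[0] & 0x0f) * 4;
    size_t tot_len = ((size_t)data[2] << 8) | data[3];
    if (ihl < IPV4_MIN_HDR || ihl > size || tot_len < ihl || tot_len > size) {
        return L3_MALFORMED;
    }
    unsigned frag = ((unsigned)data[6] << 8) | data[7];
    if (frag & (IPV4_MF | IPV4_OFFMASK)) {
        return L3_FRAGMENT;   /* first, middle, or last fragment */
    }
    if (l4) {
        *l4 = data + ihl;     /* the pointer is an output only */
    }
    return L3_OK;
}

/* Constructed sample: 20-byte header, zeroed payload up to tot_len. */
void make_ipv4(uint8_t *buf, uint16_t tot_len, uint16_t frag_field)
{
    memset(buf, 0, tot_len);
    buf[0] = 0x45;                                   /* version 4, IHL 5 */
    buf[2] = (uint8_t)(tot_len >> 8);    buf[3] = (uint8_t)(tot_len & 0xff);
    buf[6] = (uint8_t)(frag_field >> 8); buf[7] = (uint8_t)(frag_field & 0xff);
    buf[8] = 64; buf[9] = 17;                        /* TTL, protocol UDP */
}

int main(void)
{
    uint8_t pkt[28];
    make_ipv4(pkt, sizeof pkt, IPV4_MF);
    printf("MF set, l4 not requested: %d\n", classify_ipv4(pkt, sizeof pkt, NULL));
    return 0;
}
```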
