[ovs-git] [openvswitch/ovs] 171629: conntrack: Fix fragmentation checks.
noreply at github.com
Thu Jul 5 20:57:52 UTC 2018
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2018-07-05 (Thu, 05 Jul 2018)
conntrack: Fix fragmentation checks.
The ipv4 fragmentation check is broken and allows fragments through.
There were fragile and poorly maintainable checks in extract_l3_ipv*
designed to save a few cycles. The checks make assumptions about what
sanity checks may have been done and could be skipped based on inferring
from the value of another paramater that should be unrelated (l4
pointer needing assignment). Since the benefit is minimal, remove
the special checks and always do sanity checks.
Four tests are added to better maintain fragmentation support.
This needs backporting to 2.9.
Fixes: c8b1ad49da68("conntrack: Reorder sanity checks in extract_l3_ipvx().")
Fixes: a489b16854b5("conntrack: New userspace connection tracker.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the git