[ovs-git] [openvswitch/ovs] 6c2a93: conntrack: Fix ICMPv4 error data L4 length check.

Ben Pfaff noreply at github.com
Thu Aug 29 14:36:53 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 6c2a93064afe8d812e4506880d1fd8f96108f92a
      https://github.com/openvswitch/ovs/commit/6c2a93064afe8d812e4506880d1fd8f96108f92a
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-08-29 (Thu, 29 Aug 2019)

  Changed paths:
    M lib/conntrack.c
    M lib/packets.h

  Log Message:
  -----------
  conntrack: Fix ICMPv4 error data L4 length check.

The ICMPv4 error data L4 length check was found to be too strict for TCP,
expecting a minimum of 20 rather than 8 bytes.  This worked by
hapenstance for other inner protocols.  The approach is to explicitly
handle the ICMPv4 error data L4 length check and to do this for all
supported inner protocols in the same way.  Making the code common
between protocols also allows the existing ICMPv4 related UDP tests to
cover TCP and ICMP inner protocol cases.
Note that ICMPv6 does not have an 8 byte limit for error L4 data.

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list