[ovs-git] [openvswitch/ovs] a5b3a6: conntrack: Fix ICMPv4 error data L4 length check.

Ben Pfaff noreply at github.com
Thu Aug 29 14:37:34 UTC 2019


  Branch: refs/heads/branch-2.12
  Home:   https://github.com/openvswitch/ovs
  Commit: a5b3a6675ec3b5c98070bb48a5891e387ebdc1e0
      https://github.com/openvswitch/ovs/commit/a5b3a6675ec3b5c98070bb48a5891e387ebdc1e0
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-08-29 (Thu, 29 Aug 2019)

  Changed paths:
    M lib/conntrack.c
    M lib/packets.h

  Log Message:
  -----------
  conntrack: Fix ICMPv4 error data L4 length check.

The ICMPv4 error data L4 length check was found to be too strict for TCP,
expecting a minimum of 20 rather than 8 bytes.  This worked by
happenstance for other inner protocols.  The approach is to explicitly
handle the ICMPv4 error data L4 length check and to do this for all
supported inner protocols in the same way.  Making the code common
between protocols also allows the existing ICMPv4 related UDP tests to
cover TCP and ICMP inner protocol cases.
Note that ICMPv6 does not have an 8 byte limit for error L4 data.

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
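
The length rule described in the log message, as an added example that is not part of the commit or of the OVS source: an ICMPv4 error quotes the inner IP header plus at least 8 bytes of the original datagram (RFC 792), so requiring a full 20-byte TCP header rejects valid errors. All function names and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HDR_MIN      20
#define TCP_HDR_MIN     20  /* full TCP header: the too-strict minimum */
#define ICMP_ERR_MIN_L4 8   /* RFC 792: IP header + first 64 bits of the datagram */

/* p/len: data quoted in an ICMPv4 error (inner IPv4 header, then L4 bytes).
 * Returns 1 if at least min_l4 L4 bytes follow a well-formed inner header. */
int inner_ok(const uint8_t *p, size_t len, size_t min_l4) {
    if (len < IP_HDR_MIN || (p[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < IP_HDR_MIN || len < ihl) return 0;
    return len - ihl >= min_l4;
}

/* Constructed sample: inner IPv4 header (IHL 5, proto TCP) plus l4_len bytes
 * of a TCP header with source port 443 and destination port 51000. */
size_t make_sample(uint8_t *buf, size_t l4_len) {
    static const uint8_t ports[4] = { 0x01, 0xbb, 0xc7, 0x38 };
    memset(buf, 0, IP_HDR_MIN + l4_len);
    buf[0] = 0x45;  /* version 4, IHL 5 */
    buf[9] = 6;     /* protocol: TCP */
    memcpy(buf + IP_HDR_MIN, ports, l4_len < 4 ? l4_len : 4);
    return IP_HDR_MIN + l4_len;
}

int quoted_l4_ok(size_t l4_len, size_t min_l4) {
    uint8_t buf[64];
    return inner_ok(buf, make_sample(buf, l4_len), min_l4);
}

/* Ports sit in the first 4 L4 bytes, so the 8-byte minimum is enough to read them. */
unsigned quoted_dst_port(size_t l4_len) {
    uint8_t buf[64];
    size_t n = make_sample(buf, l4_len);
    if (!inner_ok(buf, n, ICMP_ERR_MIN_L4)) return 0;
    const uint8_t *l4 = buf + (buf[0] & 0x0f) * 4;
    return (unsigned)(l4[2] << 8 | l4[3]);
}

int main(void) {
    printf("8 bytes, min 8: %d; 8 bytes, min 20: %d; dst port: %u\n",
           quoted_l4_ok(8, ICMP_ERR_MIN_L4), quoted_l4_ok(8, TCP_HDR_MIN), quoted_dst_port(8));
    return 0;
}
```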



