[ovs-git] [openvswitch/ovs] 4d70ae: conntrack: Lookup only 'UNNAT conns' in 'nat_clean...

Ben Pfaff noreply at github.com
Fri Mar 15 22:58:05 UTC 2019


  Branch: refs/heads/branch-2.11
  Home:   https://github.com/openvswitch/ovs
  Commit: 4d70ae743613e8e5e7b6fefd661a584b7f26fc40
      https://github.com/openvswitch/ovs/commit/4d70ae743613e8e5e7b6fefd661a584b7f26fc40
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-03-15 (Fri, 15 Mar 2019)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.

When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
protect against possible address overlap with 'default
conns' during a DOS attempt.  This is very unlikely, but
protection is simple.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>



