[ovs-git] [openvswitch/ovs] 413ebd: conntrack: Lookup only 'UNNAT conns' in 'nat_clean...

Ben Pfaff noreply at github.com
Fri Mar 15 22:58:15 UTC 2019


  Branch: refs/heads/branch-2.10
  Home:   https://github.com/openvswitch/ovs
  Commit: 413ebd402247d5ac6f524478028e2bea2651c39b
      https://github.com/openvswitch/ovs/commit/413ebd402247d5ac6f524478028e2bea2651c39b
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-03-15 (Fri, 15 Mar 2019)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.

When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
protect against possible address overlap with 'default
conns' during a DOS attempt.  This is very unlikely, but
protection is simple.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>



