[ovs-git] [openvswitch/ovs] a01710: conntrack: Fix ICMPv4 error data L4 length check.

Ben Pfaff noreply at github.com
Mon Sep 30 20:38:47 UTC 2019


  Branch: refs/heads/branch-2.6
  Home:   https://github.com/openvswitch/ovs
  Commit: a01710e1c2500df26f010b43f01972f6224a51d5
      https://github.com/openvswitch/ovs/commit/a01710e1c2500df26f010b43f01972f6224a51d5
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-09-30 (Mon, 30 Sep 2019)

  Changed paths:
    M lib/conntrack.c
    M lib/packets.h

  Log Message:
  -----------
  conntrack: Fix ICMPv4 error data L4 length check.

The ICMPv4 error data L4 length check was found to be too strict for TCP,
expecting a minimum of 20 rather than 8 bytes.  This worked by
happenstance for other inner protocols.  The approach is to explicitly
handle the ICMPv4 error data L4 length check and to do this for all
supported inner protocols in the same way.  Making the code common
between protocols also allows the existing ICMPv4 related UDP tests to
cover TCP and ICMP inner protocol cases.
Note that ICMPv6 does not have an 8 byte limit for error L4 data.

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
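
An added example, not code from the OVS tree or from the commit's authors: one way to apply the same 8-byte L4 minimum to TCP, UDP and ICMP inner packets quoted in an ICMPv4 error. All function, struct and constant names are hypothetical, the sample bytes are constructed, and the `strict_tcp` flag reproduces the 20-byte TCP bound the log message calls too strict.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define IP_HDR_MIN      20  /* IPv4 header without options */
#define TCP_HDR_MIN     20  /* full TCP header: the overly strict bound */
#define ERR_DATA_L4_MIN 8   /* L4 bytes an ICMPv4 error must quote */

struct inner_l4 { uint8_t proto; uint16_t src_port, dst_port; };

/* 'p' points at the inner IPv4 header quoted in an ICMPv4 error, 'len' is
 * the byte count from there.  'strict_tcp' selects the old behaviour the
 * commit message describes: TCP needs 20 L4 bytes instead of 8. */
static bool
parse_icmp4_error_data(const uint8_t *p, size_t len, bool strict_tcp,
                       struct inner_l4 *out)
{
    if (len < IP_HDR_MIN || (p[0] >> 4) != 4) {
        return false;
    }
    size_t ihl = (size_t) (p[0] & 0x0f) * 4;
    uint8_t proto = p[9];
    if (ihl < IP_HDR_MIN || len < ihl
        || (proto != 1 && proto != 6 && proto != 17)) { /* ICMP, TCP, UDP */
        return false;
    }
    size_t need = (strict_tcp && proto == 6) ? TCP_HDR_MIN : ERR_DATA_L4_MIN;
    if (len - ihl < need) {
        return false;
    }
    const uint8_t *l4 = p + ihl;
    out->proto = proto;
    /* Ports are the first 4 bytes of TCP and UDP; ICMP has none. */
    out->src_port = proto == 1 ? 0 : (uint16_t) (l4[0] << 8 | l4[1]);
    out->dst_port = proto == 1 ? 0 : (uint16_t) (l4[2] << 8 | l4[3]);
    return true;
}

/* Constructed sample: inner IPv4 header (TCP, 10.0.0.1 -> 10.0.0.2) plus
 * only the first 8 TCP bytes (ports 12345 -> 80, sequence number 1). */
static const uint8_t sample[28] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    0x30, 0x39, 0x00, 0x50, 0, 0, 0, 1,
};

int main(void)
{
    struct inner_l4 k;
    return !parse_icmp4_error_data(sample, sizeof sample, false, &k);
}
```

With the 8-byte bound the quoted TCP ports are still recovered, so the error can be matched to its tracked connection; with the 20-byte bound the same packet is rejected before any lookup.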
