git.proxmox.com Git - mirror_ovs.git/commit

author	Darrell Ball <dlu998@gmail.com>
	Thu, 7 Dec 2017 02:04:20 +0000 (18:04 -0800)
committer	Ben Pfaff <blp@ovn.org>
	Mon, 11 Dec 2017 22:18:18 +0000 (14:18 -0800)
commit	a81da080574295ffeb8445723ee15902ae90aa10
tree	9204ca2d6f2d434df2d536aed71ac67c605f1e24	tree
parent	3a2a425b4c4ebd49dcf07e5eb6d901c98424b999	commit \| diff

conntrack: Fix icmp error address sanity check.

An address sanity check is done on icmp error packets to
check that the icmp error payload makes sense w.r.t. the
packet itself.

The sanity check was partially incorrect since it tried
to verify the source address of the error packet against the
original destination, which does not makes since the error
can be generated by any intermediate node.

Reported-by: wangzhike <wangzhike@jd.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html
Fixes: a489b1685 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod@vmware.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: wangzhike <wangzhike@jd.com>
Co-authored-by: wangzhike <wangzhike@jd.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

lib/conntrack.c		diff \| blob \| blame \| history
tests/system-traffic.at		diff \| blob \| blame \| history