In conntrack lookup, ICMP type and code fields were not being used to determine a matching entry. As a result, ICMP4_ECHO_REQUEST packet could be tracked as ICMP4_ECHO_REPLY packet and vice versa, which is invalid.
To fix this, add ICMP type and code fields for matching a conntrack entry. Signed-off-by: Anand Kumar <[email protected]> Acked-by: Sairam Venugopal <[email protected]> --- datapath-windows/ovsext/Conntrack.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index 07a9583..e97d6ce 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -383,15 +383,13 @@ OvsDetectCtPacket(OvsForwardingContext *fwdCtx, BOOLEAN OvsCtKeyAreSame(OVS_CT_KEY ctxKey, OVS_CT_KEY entryKey) { - return ((ctxKey.src.addr.ipv4 == entryKey.src.addr.ipv4) && - (ctxKey.src.addr.ipv4_aligned == entryKey.src.addr.ipv4_aligned) && - (ctxKey.src.port == entryKey.src.port) && - (ctxKey.dst.addr.ipv4 == entryKey.dst.addr.ipv4) && - (ctxKey.dst.addr.ipv4_aligned == entryKey.dst.addr.ipv4_aligned) && - (ctxKey.dst.port == entryKey.dst.port) && - (ctxKey.dl_type == entryKey.dl_type) && - (ctxKey.nw_proto == entryKey.nw_proto) && - (ctxKey.zone == entryKey.zone)); + return ((NdisEqualMemory(&ctxKey.src, &entryKey.src, + sizeof(struct ct_endpoint))) && + (NdisEqualMemory(&ctxKey.dst, &entryKey.dst, + sizeof(struct ct_endpoint))) && + (ctxKey.dl_type == entryKey.dl_type) && + (ctxKey.nw_proto == entryKey.nw_proto) && + (ctxKey.zone == entryKey.zone)); } static __inline VOID -- 2.9.3.windows.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
