On Wed, Dec 06, 2017 at 06:04:20PM -0800, Darrell Ball wrote: > An address sanity check is done on icmp error packets to > check that the icmp error payload makes sense w.r.t. the > packet itself. > > The sanity check was partially incorrect since it tried > to verify the source address of the error packet against the > original destination, which does not makes since the error > can be generated by any intermediate node. > > Reported-by: wangzhike <[email protected]> > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html > Fixes: a489b1685 ("conntrack: New userspace connection tracker.") > CC: Daniele Di Proietto <[email protected]> > Signed-off-by: Darrell Ball <[email protected]> > Signed-off-by: wangzhike <[email protected]> > Co-authored-by: wangzhike <[email protected]>
Thanks Darrell and wangzhike, I applied this to master. Let me know if this or the other series I recently applied needs backporting. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
