On Mon, Dec 11, 2017 at 06:08:53PM -0800, Darrell Ball wrote: > An address sanity check is done on icmp error packets to > check that the icmp error payload makes sense w.r.t. the > packet itself. > > The sanity check was partially incorrect since it tried > to verify the source address of the error packet against the > original destination, which does not makes since the error > can be generated by any intermediate node. > > Reported-by: wangzhike <[email protected]> > Reported-at: > https://mail.openvswitch.org/pipermail/ovs-dev/2017-December/341609.html > Fixes: a489b1685 ("conntrack: New userspace connection tracker.") > CC: Daniele Di Proietto <[email protected]> > Signed-off-by: Darrell Ball <[email protected]> > Signed-off-by: wangzhike <[email protected]> > Co-authored-by: wangzhike <[email protected]>
Thanks! I applied this to branch-2.7 and branch-2.6. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
