On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote:
> There was a bug in DNS request handling where the incoming packet was
> assumed to be IPv4.
> 
> The result was that for the outgoing packet, we would attempt to write
> the IPv4 checksum and total length into what was actually an IPv6
> header. This resulted in the source IPv6 address getting corrupted.
> Later, the source and destination IPv6 addresses would get swapped,
> resulting in the DNS response being sent to a nonsense destination.
> 
> With this change, we check the ethertype of the packet to determine what
> l3 information to write, and where to write it. A test is also included
> that verifies that this works as expected.
> 
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608
> Signed-off-by: Mark Michelson <mmich...@redhat.com>

Thank you for the fix and the test!  I applied this to master and
branch-2.9.  Let me know if you want it backported further.

I folded in the following nonessential correction pointed out by
"sparse":

--8<--------------------------cut here-------------------------->8--

diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
index 6654d7f49396..14c95ff547ff 100644
--- a/ovn/controller/pinctrl.c
+++ b/ovn/controller/pinctrl.c
@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup(
     out_udp->udp_csum = 0;
 
     struct eth_header *eth = dp_packet_data(&pkt_out);
-    if (eth->eth_type == ntohs(ETH_TYPE_IP)) {
+    if (eth->eth_type == htons(ETH_TYPE_IP)) {
         struct ip_header *out_ip = dp_packet_l3(&pkt_out);
         out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
                                    + new_l4_size);
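
Review bot: The commit log should say that the `htons(ETH_TYPE_IP)` comparison in `pinctrl_handle_dns_lookup()` is a byte-order annotation fix with no behaviour change. `ntohs` and `htons` perform the same swap, so the IPv4 branch was already taken for the same packets, and anyone backporting should not read this as a second functional fix. Separately, in the context lines the argument to `htons(pkt_out.l4_ofs - pkt_out.l3_ofs + new_l4_size)` is truncated to 16 bits and no bound on `new_l4_size` is visible in this hunk; it is worth confirming that the value is limited earlier in the function.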
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
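
The failure described in the quoted commit message, as an added example that is not OVN code and not part of the original thread: writing the IPv4 total length (offset 2) and header checksum (offset 10) into an IPv6 header lands the checksum inside the source address, which starts at offset 8. All function names and the sample frame are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

enum { ETH_TYPE_IP = 0x0800, ETH_TYPE_IPV6 = 0x86dd,
       ETH_LEN = 14, IP4_LEN = 20, IP6_SRC_OFS = 8 };

static void put_be16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
/* Internet checksum over a 20-byte header, read as big-endian 16-bit words. */
static uint16_t ip4_csum(const uint8_t *h) {
    uint32_t sum = 0;
    for (int i = 0; i < IP4_LEN; i += 2) sum += (uint32_t) (h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t) ~sum;
}

/* IPv4 layout: total length at offset 2, header checksum at offset 10. */
static void write_ipv4_fields(uint8_t *l3, uint16_t l4_len) {
    put_be16(l3 + 2, IP4_LEN + l4_len);
    put_be16(l3 + 10, 0);
    put_be16(l3 + 10, ip4_csum(l3));
}

/* Behaviour described in the commit message: every packet treated as IPv4. */
void fixup_assume_ipv4(uint8_t *frame, uint16_t l4_len) {
    write_ipv4_fields(frame + ETH_LEN, l4_len);
}

/* Dispatch on ethertype. IPv6 has a payload length at offset 4 and no checksum. */
int fixup_by_ethertype(uint8_t *frame, uint16_t l4_len) {
    uint16_t eth_type;
    memcpy(&eth_type, frame + 12, sizeof eth_type);  /* network byte order */
    if (eth_type == htons(ETH_TYPE_IP)) write_ipv4_fields(frame + ETH_LEN, l4_len);
    else if (eth_type == htons(ETH_TYPE_IPV6)) put_be16(frame + ETH_LEN + 4, l4_len);
    else return -1;  /* neither IPv4 nor IPv6: leave the frame untouched */
    return 0;
}

/* Constructed IPv6/UDP frame fd00::1 -> fd00::2; returns source bytes altered. */
int ipv6_src_bytes_changed(int dispatch) {
    uint8_t f[ETH_LEN + 40] = {0}, before[16], *ip6 = f + ETH_LEN;
    f[12] = 0x86; f[13] = 0xdd; ip6[0] = 0x60; ip6[6] = 17; ip6[7] = 64;
    ip6[8] = 0xfd; ip6[23] = 1; ip6[24] = 0xfd; ip6[39] = 2;
    memcpy(before, ip6 + IP6_SRC_OFS, sizeof before);
    if (dispatch) fixup_by_ethertype(f, 40); else fixup_assume_ipv4(f, 40);
    int n = 0;
    for (int i = 0; i < 16; i++) n += before[i] != ip6[IP6_SRC_OFS + i];
    return n;
}
```

`ipv6_src_bytes_changed(0)` runs the IPv4-only path over the IPv6 frame and `ipv6_src_bytes_changed(1)` runs the ethertype dispatch over the same frame.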
