On Fri, Feb 09, 2018 at 11:45:17AM -0600, Mark Michelson wrote:
> On 02/09/2018 11:35 AM, Ben Pfaff wrote:
> >On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote:
> >>There was a bug in DNS request handling where the incoming packet was
> >>assumed to be IPv4.
> >>
> >>The result was that for the outgoing packet, we would attempt to write
> >>the IPv4 checksum and total length into what was actually an IPv6
> >>header. This resulted in the source IPv6 address getting corrupted.
> >>Later, the source and destination IPv6 addresses would get swapped,
> >>resulting in the DNS response being sent to a nonsense destination.
> >>
> >>With this change, we check the ethertype of the packet to determine what
> >>l3 information to write, and where to write it. A test is also included
> >>that verifies that this works as expected.
> >>
> >>Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608
> >>Signed-off-by: Mark Michelson <mmich...@redhat.com>
> >
> >Thank you for the fix and the test!  I applied this to master and
> >branch-2.9.  Let me know if you want it backported further.
> >
> >I folded in the following nonessential correction pointed out by
> >"sparse":
> >
> >--8<--------------------------cut here-------------------------->8--
> >
> >diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c
> >index 6654d7f49396..14c95ff547ff 100644
> >--- a/ovn/controller/pinctrl.c
> >+++ b/ovn/controller/pinctrl.c
> >@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup(
> >      out_udp->udp_csum = 0;
> >      struct eth_header *eth = dp_packet_data(&pkt_out);
> >-    if (eth->eth_type == ntohs(ETH_TYPE_IP)) {
> >+    if (eth->eth_type == htons(ETH_TYPE_IP)) {
> >          struct ip_header *out_ip = dp_packet_l3(&pkt_out);
> >          out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs
> >                                     + new_l4_size);
> >
> 
> Thanks Ben. This error is present in 2.8 as well.

OK, I backported it there too.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to