Hello Darrell, On Wed, Dec 19, 2018 at 9:16 AM Darrell Ball <[email protected]> wrote:
> 1/ > What is the use case for multiple adjustments? > This code has been tested externally to Vmware as well. > Also multiple adjustments may be indicative of an exploit attempt or other > problem, so lets delineate > the use case first; please add a 'real' test case for this. > Connect a ftp client to a server with nat (with the nat triggering a tcp seq ajustement), then enter several commands and watch the tcp seq numbers on the command connection. See patch 5 for the test, I put it later in the series to avoid test failures. > 2/ > IF we end up supporting multiple adjustments, as it stands now the patch > fails these tests > conntrack - NAT > > 96: conntrack - FTP NAT postrecirc seqadj FAILED ( > system-traffic.at:4391) > 98: conntrack - FTP NAT orig tuple seqadj FAILED ( > system-traffic.at:4515) > Argh, indeed, I guess patch 2 should come first, will check. -- David Marchand _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
