On Wed, Aug 21, 2019 at 3:13 PM Ben Pfaff <[email protected]> wrote: > On Mon, Aug 19, 2019 at 08:35:11AM -0700, Darrell Ball wrote: > > Thanks for the patch > > > > On Sun, Aug 18, 2019 at 11:01 PM Li RongQing <[email protected]> > wrote: > > > > > the result of extract_l3_ipv4/6 should be checked in reverse_nat_packet > > > when it is false, meaning this packet is wrong, should not do handle it > > > continually > > > > > > Signed-off-by: Li RongQing <[email protected]> > > > --- > > > lib/conntrack.c | 17 +++++++++++++++-- > > > 1 file changed, 15 insertions(+), 2 deletions(-) > > > > > > diff --git a/lib/conntrack.c b/lib/conntrack.c > > > index 5f60fea18..c26d5438c 100644 > > > --- a/lib/conntrack.c > > > +++ b/lib/conntrack.c > > > @@ -695,11 +695,18 @@ reverse_nat_packet(struct dp_packet *pkt, const > > > struct conn *conn) > > > uint16_t orig_l4_ofs = pkt->l4_ofs; > > > > > > if (conn->key.dl_type == htons(ETH_TYPE_IP)) { > > > + bool ok; > > > struct ip_header *nh = dp_packet_l3(pkt); > > > struct icmp_header *icmp = dp_packet_l4(pkt); > > > struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1); > > > - extract_l3_ipv4(&inner_key, inner_l3, tail - ((char > *)inner_l3) - > > > pad, > > > > > > > There is intentionally no checking for success/fail here bcoz the packet > > has already > > been parsed and found to be ok during conn_key_extract() code path. > Reusing > > the > > same api here is just convenient. > > Maybe a comment would be warranted to make that clear. >
that's reasonable; maybe RongQing would like to submit a patch ? _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
