Hi Darrell, Thanks for the patch. When I applied the patch to latest master, I see that we take care of length check (< 8) only for ICMPv6 and not for ICMPv4. We need to do it for ICMPv4 as well.
Also, we are already using 'related' to skip or not to skip length check. * If 'related' is NULL, it means that we're already parsing a header nested * in an ICMP error. In this case, we skip checksum and length validation. However we continue to validate length in extract_l4_tcp (<8 or <20). I understand that check for minimum 8 bytes header is needed to make sure we can extract tcp port numbers. Can we instead try to converge all checks at one place and still take care of nested header? In my opinion it will simplify the code. Warm Regards, Vishal Ajmera _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev