Mike Pattrick via dev <ovs-dev@openvswitch.org> writes: > Currently conntrack will refuse to extract metadata from fragmented > IPv4 packets. Usually the fragments would be processed by the ipf > module, but this isn't the case for ICMP related packets. The current > handling will result in these being incorrectly processed. > > This patch checks for a frag offset instead of just frag flags, which is > similar to how conntrack handles fragments in the kernel. > > Reported-at: https://issues.redhat.com/browse/FDP-136 > Reported-by: Ales Musil <amu...@redhat.com> > Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.") > Signed-off-by: Mike Pattrick <m...@redhat.com> > ---
Thanks, applied and backported. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
