When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
protect against possible address overlap with 'default
conns' during a DOS attempt. This is very unlikely, but
protection is simple.
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball
---
This patch is targeted for earlier releases as new RCU patches
inherently don't have this race.
Backport to 2.8.
v6: Changed comment to lock annotation.
v5: Add fixes tag.
v1->v4: No changes to this patch.
lib/conntrack.c | 25 +
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index dd6e19b..5235690 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -776,6 +776,22 @@ conn_lookup_def(const struct conn_key *key,
return conn;
}
+static struct conn *
+conn_lookup_unnat(const struct conn_key *key,
+ const struct conntrack_bucket *ctb, uint32_t hash)
+OVS_REQUIRES(ctb->lock)
+{
+struct conn *conn = NULL;
+
+HMAP_FOR_EACH_WITH_HASH (conn, node, hash, >connections) {
+if (!conn_key_cmp(>key, key)
+&& conn->conn_type == CT_CONN_TYPE_UN_NAT) {
+break;
+}
+}
+return conn;
+}
+
static void
conn_seq_skew_set(struct conntrack *ct, const struct conn_key *key,
long long now, int seq_skew, bool seq_skew_dir)
@@ -799,12 +815,13 @@ nat_clean(struct conntrack *ct, struct conn *conn,
nat_conn_keys_remove(>nat_conn_keys, >rev_key, ct->hash_basis);
ct_rwlock_unlock(>resources_lock);
ct_lock_unlock(>lock);
-unsigned bucket_rev_conn =
-hash_to_bucket(conn_key_hash(>rev_key, ct->hash_basis));
+uint32_t hash = conn_key_hash(>rev_key, ct->hash_basis);
+unsigned bucket_rev_conn = hash_to_bucket(hash);
ct_lock_lock(>buckets[bucket_rev_conn].lock);
ct_rwlock_wrlock(>resources_lock);
-long long now = time_msec();
-struct conn *rev_conn = conn_lookup(ct, >rev_key, now);
+struct conn *rev_conn = conn_lookup_unnat(>rev_key,
+ >buckets[bucket_rev_conn],
+ hash);
struct nat_conn_key_node *nat_conn_key_node =
nat_conn_keys_lookup(>nat_conn_keys, >rev_key,
ct->hash_basis);
--
1.9.1
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev