| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190824165846.79627-1-jpettit@ovn.org> Date: Sat, 24 Aug 2019 09:58:45 -0700 From: Justin Pettit <jpettit@....org> To: netdev@...r.kernel.org, Pravin Shelar <pshelar@....org> Cc: Joe Stringer <joe@...d.net.nz> Subject: [PATCH net 1/2] openvswitch: Properly set L4 keys on "later" IP fragments. When IP fragments are reassembled before being sent to conntrack, the key from the last fragment is used. Unless there are reordering issues, the last fragment received will not contain the L4 ports, so the key for the reassembled datagram won't contain them. This patch updates the key once we have a reassembled datagram. Signed-off-by: Justin Pettit <jpettit@....org> --- net/openvswitch/conntrack.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 848c6eb55064..f40ad2a42086 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -524,6 +524,10 @@ static int handle_fragments(struct net *net, struct sw_flow_key *key, return -EPFNOSUPPORT; } + /* The key extracted from the fragment that completed this datagram + * likely didn't have an L4 header, so regenerate it. */ + ovs_flow_key_update(skb, key); + key->ip.frag = OVS_FRAG_TYPE_NONE; skb_clear_hash(skb); skb->ignore_df = 1; -- 2.17.1
Powered by blists - more mailing lists