| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Mar 2021 20:03:10 +0200
From: Louis Peens <louis.peens@...igine.com>
To: Marcelo Leitner <mleitner@...hat.com>
Cc: wenxu <wenxu@...oud.cn>, Ilya Maximets <i.maximets@....org>,
"ovs-dev@...nvswitch.org" <ovs-dev@...nvswitch.org>,
Paul Blakey <paulb@...dia.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Yinjun Zhang <yinjun.zhang@...igine.com>,
Simon Horman <simon.horman@...ronome.com>
Subject: Re: [ovs-dev] tc-conntrack: inconsistent behaviour with icmpv6
On 2021/03/26 18:58, Marcelo Leitner wrote:
> On Tue, Mar 16, 2021 at 05:12:22PM +0200, Louis Peens wrote:
>> So in the end I think there are two problems - the on you identified with only checking
>> the mask in commit 1bcc51ac0731. And then the second bigger one is that the behaviour
>> differs depending on whether the recirc upcall is after the a rule installed in tc
>> or a rule installed in ovs, as Marcelo mentioned.
>
> Hi Louis,
>
> Not sure if you noticed but both fixes landed in upstream kernel
> already.
> That's basically:
> afa536d8405a ("net/sched: cls_flower: fix only mask bit check in the
> validate_ct_state")
> d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after
> do conntrack in act_ct")
>
> If testing again, it's probably better if you use the latest one.
Hi Marcelo
Thanks for the ping, I saw the mask fix, but I did indeed miss the
post_ct fix. Looking at the change it looks like it would address
the issue that we saw. Will test it out and report back in case
something is still wrong, but hopefully this is the end of the
chain. Thanks for the help everyone.
Regards
Louis
>
> Thanks,
> Marcelo
>
Powered by blists - more mailing lists