lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e8b98109-7cea-8f85-c54c-11ce78aa4bc1@corigine.com>
Date:   Fri, 26 Mar 2021 20:03:10 +0200
From:   Louis Peens <louis.peens@...igine.com>
To:     Marcelo Leitner <mleitner@...hat.com>
Cc:     wenxu <wenxu@...oud.cn>, Ilya Maximets <i.maximets@....org>,
        "ovs-dev@...nvswitch.org" <ovs-dev@...nvswitch.org>,
        Paul Blakey <paulb@...dia.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Yinjun Zhang <yinjun.zhang@...igine.com>,
        Simon Horman <simon.horman@...ronome.com>
Subject: Re: [ovs-dev] tc-conntrack: inconsistent behaviour with icmpv6



On 2021/03/26 18:58, Marcelo Leitner wrote:
> On Tue, Mar 16, 2021 at 05:12:22PM +0200, Louis Peens wrote:
>> So in the end I think there are two problems - the on you identified with only checking
>> the mask in commit 1bcc51ac0731. And then the second bigger one is that the behaviour
>> differs depending on whether the recirc upcall is after the a rule installed in tc
>> or a rule installed in ovs, as Marcelo mentioned.
> 
> Hi Louis,
> 
> Not sure if you noticed but both fixes landed in upstream kernel
> already.
> That's basically:
> afa536d8405a ("net/sched: cls_flower: fix only mask bit check in the
> validate_ct_state")
> d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after
> do conntrack in act_ct")
> 
> If testing again, it's probably better if you use the latest one.
Hi Marcelo

Thanks for the ping, I saw the mask fix, but I did indeed miss the
post_ct fix. Looking at the change it looks like it would address
the issue that we saw. Will test it out and report back in case
something is still wrong, but hopefully this is the end of the
chain. Thanks for the help everyone.

Regards
Louis

> 
> Thanks,
> Marcelo
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ