On Fri, Feb 09, 2018 at 11:45:17AM -0600, Mark Michelson wrote: > On 02/09/2018 11:35 AM, Ben Pfaff wrote: > >On Fri, Feb 09, 2018 at 09:11:00AM -0600, Mark Michelson wrote: > >>There was a bug in DNS request handling where the incoming packet was > >>assumed to be IPv4. > >> > >>The result was that for the outgoing packet, we would attempt to write > >>the IPv4 checksum and total length into what was actually an IPv6 > >>header. This resulted in the source IPv6 address getting corrupted. > >>Later, the source and destination IPv6 addresses would get swapped, > >>resulting in the DNS response being sent to a nonsense destination. > >> > >>With this change, we check the ethertype of the packet to determine what > >>l3 information to write, and where to write it. A test is also included > >>that verifies that this works as expected. > >> > >>Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1539608 > >>Signed-off-by: Mark Michelson <mmich...@redhat.com> > > > >Thank you for the fix and the test! I applied this to master and > >branch-2.9. Let me know if you want it backported further. > > > >I folded in the following nonessential correction pointed out by > >"sparse": > > > >--8<--------------------------cut here-------------------------->8-- > > > >diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c > >index 6654d7f49396..14c95ff547ff 100644 > >--- a/ovn/controller/pinctrl.c > >+++ b/ovn/controller/pinctrl.c > >@@ -917,7 +917,7 @@ pinctrl_handle_dns_lookup( > > out_udp->udp_csum = 0; > > struct eth_header *eth = dp_packet_data(&pkt_out); > >- if (eth->eth_type == ntohs(ETH_TYPE_IP)) { > >+ if (eth->eth_type == htons(ETH_TYPE_IP)) { > > struct ip_header *out_ip = dp_packet_l3(&pkt_out); > > out_ip->ip_tot_len = htons(pkt_out.l4_ofs - pkt_out.l3_ofs > > + new_l4_size); > > > > Thanks Ben. This error is present in 2.8 as well.
OK, I backported it there too. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
