On Wed, Dec 19, 2018 at 12:57 AM David Marchand <david.march...@redhat.com> wrote:
> Hello Darrell, > > On Wed, Dec 19, 2018 at 9:16 AM Darrell Ball <dlu...@gmail.com> wrote: > >> 1/ >> What is the use case for multiple adjustments? >> This code has been tested externally to Vmware as well. >> Also multiple adjustments may be indicative of an exploit attempt or >> other problem, so lets delineate >> the use case first; please add a 'real' test case for this. >> > > Connect a ftp client to a server with nat (with the nat triggering a tcp > seq ajustement), then enter several commands and watch the tcp seq numbers > on the command connection. > See patch 5 for the test, I put it later in the series to avoid test > failures. > fold patch 5 into patch 1 and I'll take another look. > > >> 2/ >> IF we end up supporting multiple adjustments, as it stands now the patch >> fails these tests >> conntrack - NAT >> >> 96: conntrack - FTP NAT postrecirc seqadj FAILED ( >> system-traffic.at:4391) >> 98: conntrack - FTP NAT orig tuple seqadj FAILED ( >> system-traffic.at:4515) >> > > Argh, indeed, I guess patch 2 should come first, will check. > I am not sure Patch 2 is needed at all; it breaks the common code path intent as well. > > > -- > David Marchand > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
