发件人: Darrell Ball [mailto:dlu...@gmail.com] 发送时间: 2019年8月22日 9:00 收件人: Ben Pfaff <b...@ovn.org> 抄送: Li,Rongqing <lirongq...@baidu.com>; ovs-dev@openvswitch.org 主题: Re: [ovs-dev] [PATCH] conntrack: check the result of extract_l3_ipv4/6
On Wed, Aug 21, 2019 at 3:13 PM Ben Pfaff <b...@ovn.org<mailto:b...@ovn.org>> wrote: On Mon, Aug 19, 2019 at 08:35:11AM -0700, Darrell Ball wrote: > Thanks for the patch > > On Sun, Aug 18, 2019 at 11:01 PM Li RongQing > <lirongq...@baidu.com<mailto:lirongq...@baidu.com>> wrote: > > > the result of extract_l3_ipv4/6 should be checked in reverse_nat_packet > > when it is false, meaning this packet is wrong, should not do handle it > > continually > > > > Signed-off-by: Li RongQing > > <lirongq...@baidu.com<mailto:lirongq...@baidu.com>> > > --- > > lib/conntrack.c | 17 +++++++++++++++-- > > 1 file changed, 15 insertions(+), 2 deletions(-) > > > > diff --git a/lib/conntrack.c b/lib/conntrack.c > > index 5f60fea18..c26d5438c 100644 > > --- a/lib/conntrack.c > > +++ b/lib/conntrack.c > > @@ -695,11 +695,18 @@ reverse_nat_packet(struct dp_packet *pkt, const > > struct conn *conn) > > uint16_t orig_l4_ofs = pkt->l4_ofs; > > > > if (conn->key.dl_type == htons(ETH_TYPE_IP)) { > > + bool ok; > > struct ip_header *nh = dp_packet_l3(pkt); > > struct icmp_header *icmp = dp_packet_l4(pkt); > > struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1); > > - extract_l3_ipv4(&inner_key, inner_l3, tail - ((char *)inner_l3) - > > pad, > > > > There is intentionally no checking for success/fail here bcoz the packet > has already > been parsed and found to be ok during conn_key_extract() code path. Reusing > the > same api here is just convenient. Maybe a comment would be warranted to make that clear. that's reasonable; maybe RongQing would like to submit a patch ? Ball: I like you finish it, since you are more clear this codes. Thanks -RongQing _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
