Mike Pattrick <[email protected]> writes: > When conntrack is reassembling packet fragments, the same reassembly > context can be shared across multiple threads handling different packets > simultaneously. Once a full packet is assembled, it is added to a packet > batch for processing, this is most likely the batch that added it in the > first place, but that isn't a guarantee. > > The packets in these batches should be segregated by network protocol > version (ipv4 vs ipv6) for conntrack defragmentation to function > appropriately. However, there are conditions where we would add a > reassembled packet of one type to a batch of another. > > This change introduces checks to make sure that reassembled or expired > fragments are only added to packet batches of the same type. > > Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.") > Reported-at: https://issues.redhat.com/browse/FDP-560 > Signed-off-by: Mike Pattrick <[email protected]> > ---
Applied, and backported to branches down to 2.17 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
