packages/openvswitch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openvswitch/conntrack-Fix-check_orig_tuple-Valgrind-false-positi.patch
openeuler-netdev 0c058e5eed update patch
2019-12-26 22:17:49 +08:00

56 lines
2.3 KiB
Diff
Raw Blame History

From cc213ea8956059adadf378ca454678f3d2055e04 Mon Sep 17 00:00:00 2001
From: Darrell Ball <dlu998@gmail.com>
Date: Mon, 23 Sep 2019 16:44:33 -0700
Subject: conntrack: Fix 'check_orig_tuple()' Valgrind false positive.
Valgrind reported that 'pkt->md.ct_orig_tuple.ipv4.ipv4_proto' is
uninitialized in 'check_orig_tuple()', if 'ct_state' is zero. Although
this is true, the check is superceded, as even if it succeeds the check
for natted packets based on 'ct_state' is an ORed condition and is intended
to catch this case.
The check is '!(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT))' which
filters out all packets excepted natted ones. Move this check up to
prevent the Valgrind complaint, which also helps performance and also remove
recenlty added redundant check adding extra cycles.
Fixes: f44733c527da ("conntrack: Validate accessing of conntrack data in pkt_metadata.")
CC: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
---
lib/conntrack.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 86c16b2fb..0c917543c 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1001,11 +1001,11 @@ check_orig_tuple(struct conntrack *ct, struct dp_packet *pkt,
struct conn **conn,
const struct nat_action_info_t *nat_action_info)
{
- if ((ctx_in->key.dl_type == htons(ETH_TYPE_IP) &&
+ if (!(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT)) ||
+ (ctx_in->key.dl_type == htons(ETH_TYPE_IP) &&
!pkt->md.ct_orig_tuple.ipv4.ipv4_proto) ||
(ctx_in->key.dl_type == htons(ETH_TYPE_IPV6) &&
!pkt->md.ct_orig_tuple.ipv6.ipv6_proto) ||
- !(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT)) ||
nat_action_info) {
return false;
}
@@ -1138,8 +1138,7 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
handle_nat(pkt, conn, zone, ctx->reply, ctx->icmp_related);
}
- } else if (pkt->md.ct_state
- && check_orig_tuple(ct, pkt, ctx, now, &conn, nat_action_info)) {
+ } else if (check_orig_tuple(ct, pkt, ctx, now, &conn, nat_action_info)) {
create_new_conn = conn_update_state(ct, pkt, ctx, conn, now);
} else {
if (ctx->icmp_related) {
--
2.14.1
Reference in New Issue View Git Blame Copy Permalink