On 12/28/24 04:42, Levente Csikor via discuss wrote: > Hi Santiago, > > I am on vacation with limited access to my emails, but you can find the > CoNEXT and relevant papers/presentations on my website between years 2018 and > 2020. > > https://cslev.vip/publications/?tgid=12&yr=&type=&usr=&auth=#tppubs > > Use the Links label to get the download links to the materials themselves. > > AFAIK, there is no official remedy to this as the root cause stems from the > algorithm itself. However, "third-party solutions" (that might have other > side-effects), such as changing the expiration time for Megaflow cache > entries, or monitoring the datapath and removing certain entries accordingly, > or trying to optimize your flow rules can be an approach as a remedy.
FWIW, the datapath implementation have changed noticeably in the past few years as well. E.g. new caching strategies were introduced in the Linux kernel datapath since then. So, while the issue stems from the algorithm, original findings may also need a re-evalation of the impact. Best regards, Ilya Maximets. > > Cheers, > levi > > On Fri, 2024-12-20 at 14:39 -0300, Santiago Ruano Rincón via discuss wrote: >> Dear Open vSwitch developers, >> >> Reviewing some open issues in Debian I found openvswitch's CVE-2019-25076: >> https://security-tracker.debian.org/tracker/CVE-2019-25076 >> <https://security-tracker.debian.org/tracker/CVE-2019-25076>. >> Probably my search skills are not good today, but I have been unable to >> find any information about the status of this issue upstream. >> >> Unfortunately, I don't have access to the paper published at CoNEXT '19 >> / ACM, so I am probably missing some details. I understand though that >> the attack surface of this issue is quite limited, and its severity is >> not important. >> Under the risk of making a dumb question, may I ask you if there is a >> plan to fix/mitigate this? >> >> Best regards, >> >> -- Santiago >> _______________________________________________ >> discuss mailing list >> disc...@openvswitch.org <mailto:disc...@openvswitch.org> >> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >> <https://mail.openvswitch.org/mailman/listinfo/ovs-discuss> > > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
