From: pablo@netfilter.org
To: stable@vger.kernel.org
Cc: davem@davemloft.net, netfilter-devel@vger.kernel.org
Subject: [stable-3.7 02/14] netfilter: nf_ct_reasm: fix conntrack reassembly expire code
Date: Mon, 28 Jan 2013 20:31:21 +0100 [thread overview]
Message-ID: <1359401493-6196-3-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1359401493-6196-1-git-send-email-pablo@netfilter.org>
From: Haibo Xi <haibbo@gmail.com>
Commit b836c99fd6c9 (ipv6: unify conntrack reassembly expire
code with standard one) use the standard IPv6 reassembly
code(ip6_expire_frag_queue) to handle conntrack reassembly expire.
In ip6_expire_frag_queue, it invoke dev_get_by_index_rcu to get
which device received this expired packet.so we must save ifindex
when NF_conntrack get this packet.
With this patch applied, I can see ICMP Time Exceeded sent
from the receiver when the sender sent out 1/2 fragmented
IPv6 packet.
Signed-off-by: Haibo Xi <haibbo@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 22c8ea9..3dacecc 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
else
fq->q.fragments = skb;
- skb->dev = NULL;
+ if (skb->dev) {
+ fq->iif = skb->dev->ifindex;
+ skb->dev = NULL;
+ }
fq->q.stamp = skb->tstamp;
fq->q.meat += skb->len;
if (payload_len > fq->q.max_size)
--
1.7.10.4
next prev parent reply other threads:[~2013-01-28 19:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-28 19:31 [stable-3.7 00/14] netfilter stable fixes for 3.7 pablo
2013-01-28 19:31 ` [stable-3.7 01/14] netfilter: ip[6]t_REJECT: fix wrong transport header pointer in TCP reset pablo
2013-01-28 19:31 ` pablo [this message]
2013-01-28 19:31 ` [stable-3.7 03/14] netfilter: nfnetlink_log: fix mac address for 6in4 tunnels pablo
2013-01-28 19:31 ` [stable-3.7 04/14] netfilter: nfnetlink_log: fix possible compilation issue due to missing include pablo
2013-01-28 19:31 ` [stable-3.7 05/14] netfilter: xt_CT: recover NOTRACK target support pablo
2013-01-28 19:31 ` [stable-3.7 06/14] netfilter: fix missing dependencies for the NOTRACK target pablo
2013-01-28 19:31 ` [stable-3.7 07/14] netfilter: xt_recent: fix namespace destroy path pablo
2013-01-28 19:31 ` [stable-3.7 08/14] netfilter: xt_recent: avoid high order page allocations pablo
2013-01-28 19:31 ` [stable-3.7 09/14] netfilter: xt_hashlimit: fix namespace destroy path pablo
2013-01-28 19:31 ` [stable-3.7 10/14] netfilter: xt_hashlimit: fix race that results in duplicated entries pablo
2013-01-28 19:31 ` [stable-3.7 11/14] netfilter: xt_CT: fix unset return value if conntrack zone are disabled pablo
2013-01-28 19:31 ` [stable-3.7 12/14] netfilter: nf_conntrack: fix BUG_ON while removing nf_conntrack with netns pablo
2013-01-28 19:31 ` [stable-3.7 13/14] netfilter: x_tables: print correct hook names for ARP pablo
2013-01-28 19:31 ` [stable-3.7 14/14] netfilter: ctnetlink: fix leak in error path of ctnetlink_create_expect pablo
2013-01-28 20:52 ` [stable-3.7 00/14] netfilter stable fixes for 3.7 David Miller
2013-02-01 12:34 ` Greg KH
2013-02-01 16:25 ` Pablo Neira Ayuso
2013-02-01 16:39 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1359401493-6196-3-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).