openkylin
/
platform_kernel-5.15
mirror of https://gitee.com/openkylin/platform_kernel-5.15.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: nf_conntrack_defrag: check socket type before touching nodefrag flag 

we need to check proper socket type within ipv4_conntrack_defrag
function before referencing the nodefrag flag.

For example the tun driver receive path produces skbs with
AF_UNSPEC socket type, and so current code is causing unwanted
fragmented packets going out.

Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jiri Olsa 2010-09-21 21:17:34 +00:00 committed by David S. Miller
parent d6120b8afa
commit cbdd769ab9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/ipv4/netfilter/nf_defrag_ipv4.c
View File

@ -66,9 +66,11 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
const struct net_device *out, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
struct sock *sk = skb->sk;
struct inet_sock *inet = inet_sk(skb->sk); struct inet_sock *inet = inet_sk(skb->sk);
if (inet && inet->nodefrag) if (sk && (sk->sk_family == PF_INET) &&
inet->nodefrag)
return NF_ACCEPT; return NF_ACCEPT;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)