luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipv4: fix "conntrack zones" support for defrag user check in ip_expire

Browse Source 
Defrag user check in ip_expire was not updated after adding support for
"conntrack zones".

This bug manifests as a RFC violation, since the router will send
the icmp time exceeeded message when using conntrack zones.

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Vasily Averin 2014-05-03 03:14:04 +04:00 committed by Pablo Neira Ayuso
parent ecd15dd7e4
commit 7c3d5ab1f3
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/ipv4/ip_fragment.c
View File

@ -232,8 +232,9 @@ static void ip_expire(unsigned long arg)
* "Fragment Reassembly Timeout" message, per RFC792.
*/
if (qp->user == IP_DEFRAG_AF_PACKET ||
(qp->user == IP_DEFRAG_CONNTRACK_IN &&
skb_rtable(head)->rt_type != RTN_LOCAL))
((qp->user >= IP_DEFRAG_CONNTRACK_IN) &&
(qp->user <= __IP_DEFRAG_CONNTRACK_IN_END) &&
(skb_rtable(head)->rt_type != RTN_LOCAL)))
goto out_rcu_unlock;