Commit cbdd769a authored Sep 21, 2010 by Jiri Olsa Committed by David S. Miller Sep 22, 2010

netfilter: nf_conntrack_defrag: check socket type before touching nodefrag flag



we need to check proper socket type within ipv4_conntrack_defrag
function before referencing the nodefrag flag.

For example the tun driver receive path produces skbs with
AF_UNSPEC socket type, and so current code is causing unwanted
fragmented packets going out.

Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent d6120b8a

net/ipv4/netfilter/nf_defrag_ipv4.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -66,9 +66,11 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
		const struct net_device *out,
		int (okfn)(struct sk_buff ))
		{
		struct sock *sk = skb->sk;
		struct inet_sock *inet = inet_sk(skb->sk);

		if (inet && inet->nodefrag)
		if (sk && (sk->sk_family == PF_INET) &&
		inet->nodefrag)
		return NF_ACCEPT;

		#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)