[NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages (0fb96701) · Commits · e / devices / android_kernel_xiaomi_markw

Since we're now using a generic tuple decoding function in ICMP connection tracking, ipv4_get_l4proto() might get called with a fragmented packet from within an ICMP error. Remove the error message we used to print when this happens. Signed-off-by:

Patrick McHardy <kaber@trash.net> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

+3 −7

Original line number	Diff line number	Diff line
		@@ -87,14 +87,10 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
		if (iph == NULL)
		return -NF_DROP;

		/* Never happen */
		if (iph->frag_off & htons(IP_OFFSET)) {
		if (net_ratelimit()) {
		printk(KERN_ERR "ipv4_get_l4proto: Frag of proto %u\n",
		iph->protocol);
		}
		/* Conntrack defragments packets, we might still see fragments
		* inside ICMP packets though. */
		if (iph->frag_off & htons(IP_OFFSET))
		return -NF_DROP;
		}

		*dataoff = nhoff + (iph->ihl << 2);
		*protonum = iph->protocol;