diff options
| author | Vasily Averin <vvs@parallels.com> | 2014-05-02 19:14:04 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-05 10:02:59 -0400 |
| commit | 7c3d5ab1f35f5475b1a1fbe74143683cfc092d33 (patch) | |
| tree | aad2a03121cd3c149702d6d6535d1ac001a61b2a /net/ipv4/ip_fragment.c | |
| parent | ecd15dd7e45f3683fa8142b9f2c015dfaa0c243d (diff) | |
ipv4: fix "conntrack zones" support for defrag user check in ip_expire
Defrag user check in ip_expire was not updated after adding support for
"conntrack zones".
This bug manifests as a RFC violation, since the router will send
the icmp time exceeeded message when using conntrack zones.
Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4/ip_fragment.c')
| -rw-r--r-- | net/ipv4/ip_fragment.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index c10a3ce5cbff..ed32313e307c 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
| @@ -232,8 +232,9 @@ static void ip_expire(unsigned long arg) | |||
| 232 | * "Fragment Reassembly Timeout" message, per RFC792. | 232 | * "Fragment Reassembly Timeout" message, per RFC792. |
| 233 | */ | 233 | */ |
| 234 | if (qp->user == IP_DEFRAG_AF_PACKET || | 234 | if (qp->user == IP_DEFRAG_AF_PACKET || |
| 235 | (qp->user == IP_DEFRAG_CONNTRACK_IN && | 235 | ((qp->user >= IP_DEFRAG_CONNTRACK_IN) && |
| 236 | skb_rtable(head)->rt_type != RTN_LOCAL)) | 236 | (qp->user <= __IP_DEFRAG_CONNTRACK_IN_END) && |
| 237 | (skb_rtable(head)->rt_type != RTN_LOCAL))) | ||
| 237 | goto out_rcu_unlock; | 238 | goto out_rcu_unlock; |
| 238 | 239 | ||
| 239 | 240 | ||