diff options
| author | Jiri Olsa <jolsa@redhat.com> | 2010-09-21 17:17:34 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-09-22 16:13:34 -0400 |
| commit | cbdd769ab9de26764bde0520a91536caa1587e13 (patch) | |
| tree | 7a15d114613de0e8e374151628102a76562ebbbd /net | |
| parent | d6120b8afacec587f5feb37781bc751bc5d68a10 (diff) | |
netfilter: nf_conntrack_defrag: check socket type before touching nodefrag flag
we need to check proper socket type within ipv4_conntrack_defrag
function before referencing the nodefrag flag.
For example the tun driver receive path produces skbs with
AF_UNSPEC socket type, and so current code is causing unwanted
fragmented packets going out.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/nf_defrag_ipv4.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index eab8de32f200..f3a9b42b16c6 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c | |||
| @@ -66,9 +66,11 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | |||
| 66 | const struct net_device *out, | 66 | const struct net_device *out, |
| 67 | int (*okfn)(struct sk_buff *)) | 67 | int (*okfn)(struct sk_buff *)) |
| 68 | { | 68 | { |
| 69 | struct sock *sk = skb->sk; | ||
| 69 | struct inet_sock *inet = inet_sk(skb->sk); | 70 | struct inet_sock *inet = inet_sk(skb->sk); |
| 70 | 71 | ||
| 71 | if (inet && inet->nodefrag) | 72 | if (sk && (sk->sk_family == PF_INET) && |
| 73 | inet->nodefrag) | ||
| 72 | return NF_ACCEPT; | 74 | return NF_ACCEPT; |
| 73 | 75 | ||
| 74 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 76 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |