| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 10 |
1 files changed, 3 insertions, 7 deletions
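--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -87,14 +87,10 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
 if (iph == NULL)
 return -NF_DROP;
 
-/* Never happen */
-if (iph->frag_off & htons(IP_OFFSET)) {
-if (net_ratelimit()) {
-printk(KERN_ERR "ipv4_get_l4proto: Frag of proto %u\n",
-iph->protocol);
-}
+/* Conntrack defragments packets, we might still see fragments
+* inside ICMP packets though. */
+if (iph->frag_off & htons(IP_OFFSET))
 return -NF_DROP;
-}
 
 *dataoff = nhoff + (iph->ihl << 2);
 *protonum = iph->protocol;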
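Review bot: With this path now documented as reachable for headers embedded in ICMP packets, the `iph->ihl` used two lines below the new check comes from sender-controlled data and is not range-checked anywhere in the visible lines. If no caller validates it for the embedded case, a guard such as `if (iph->ihl < 5) return -NF_DROP;` before `*dataoff = nhoff + (iph->ihl << 2);` would keep `*dataoff` from landing inside the IP header. The drop is also silent now that the printk is gone; that is reasonable for remotely triggerable input, but a statistics counter would keep it visible to operators. ipv4_get_l4proto starts and ends outside the hunk, so the header fetch and any existing validation are not visible here.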
