diff options
author | Jiri Olsa <jolsa@redhat.com> | 2010-09-21 21:17:34 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-22 13:13:34 -0700 |
commit | cbdd769ab9de26764bde0520a91536caa1587e13 (patch) | |
tree | 7a15d114613de0e8e374151628102a76562ebbbd /net | |
parent | d6120b8afacec587f5feb37781bc751bc5d68a10 (diff) | |
download | lwn-cbdd769ab9de26764bde0520a91536caa1587e13.tar.gz lwn-cbdd769ab9de26764bde0520a91536caa1587e13.zip |
netfilter: nf_conntrack_defrag: check socket type before touching nodefrag flag
we need to check proper socket type within ipv4_conntrack_defrag
function before referencing the nodefrag flag.
For example the tun driver receive path produces skbs with
AF_UNSPEC socket type, and so current code is causing unwanted
fragmented packets going out.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/nf_defrag_ipv4.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index eab8de32f200..f3a9b42b16c6 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -66,9 +66,11 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, const struct net_device *out, int (*okfn)(struct sk_buff *)) { + struct sock *sk = skb->sk; struct inet_sock *inet = inet_sk(skb->sk); - if (inet && inet->nodefrag) + if (sk && (sk->sk_family == PF_INET) && + inet->nodefrag) return NF_ACCEPT; #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |