summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Olsa <jolsa@redhat.com>2010-09-21 21:17:34 +0000
committerDavid S. Miller <davem@davemloft.net>2010-09-22 13:13:34 -0700
commitcbdd769ab9de26764bde0520a91536caa1587e13 (patch)
tree7a15d114613de0e8e374151628102a76562ebbbd
parentd6120b8afacec587f5feb37781bc751bc5d68a10 (diff)
downloadkernel-common-cbdd769ab9de26764bde0520a91536caa1587e13.tar.gz
kernel-common-cbdd769ab9de26764bde0520a91536caa1587e13.tar.bz2
kernel-common-cbdd769ab9de26764bde0520a91536caa1587e13.zip
netfilter: nf_conntrack_defrag: check socket type before touching nodefrag flag
we need to check proper socket type within ipv4_conntrack_defrag function before referencing the nodefrag flag. For example the tun driver receive path produces skbs with AF_UNSPEC socket type, and so current code is causing unwanted fragmented packets going out. Signed-off-by: Jiri Olsa <jolsa@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/nf_defrag_ipv4.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index eab8de32f200..f3a9b42b16c6 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -66,9 +66,11 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
+ struct sock *sk = skb->sk;
struct inet_sock *inet = inet_sk(skb->sk);
- if (inet && inet->nodefrag)
+ if (sk && (sk->sk_family == PF_INET) &&
+ inet->nodefrag)
return NF_ACCEPT;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)