netfilter: nf_ct_reasm: fix conntrack reassembly expire code
Commit b836c99fd6 (ipv6: unify conntrack reassembly expire
code with standard one) use the standard IPv6 reassembly
code(ip6_expire_frag_queue) to handle conntrack reassembly expire.
In ip6_expire_frag_queue, it invoke dev_get_by_index_rcu to get
which device received this expired packet.so we must save ifindex
when NF_conntrack get this packet.
With this patch applied, I can see ICMP Time Exceeded sent
from the receiver when the sender sent out 1/2 fragmented
IPv6 packet.
Signed-off-by: Haibo Xi <haibbo@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Haibo Xi
Pablo Neira Ayuso
Родитель
d7a769ff0e
Коммит
97cf00e93c
|
|
@ -311,7 +311,10 @@ found:
|
|||
else
|
||||
fq->q.fragments = skb;
|
||||
|
||||
skb->dev = NULL;
|
||||
if (skb->dev) {
|
||||
fq->iif = skb->dev->ifindex;
|
||||
skb->dev = NULL;
|
||||
}
|
||||
fq->q.stamp = skb->tstamp;
|
||||
fq->q.meat += skb->len;
|
||||
if (payload_len > fq->q.max_size)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче