Patch "netfilter: nf_ct_reasm: fix conntrack reassembly expire code" has been added to the 3.7-stable tree

Fri, 01 Feb 2013 02:25:05 -0800 

This is a note to let you know that I've just added the patch titled

    netfilter: nf_ct_reasm: fix conntrack reassembly expire code

to the 3.7-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-nf_ct_reasm-fix-conntrack-reassembly-expire-code.patch
and it can be found in the queue-3.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From 97cf00e93cc24898493e7a058105e3215257ee04 Mon Sep 17 00:00:00 2001
From: Haibo Xi <[email protected]>
Date: Thu, 6 Dec 2012 23:42:17 +0000
Subject: netfilter: nf_ct_reasm: fix conntrack reassembly expire code

From: Haibo Xi <[email protected]>

commit 97cf00e93cc24898493e7a058105e3215257ee04 upstream.

Commit b836c99fd6c9 (ipv6: unify conntrack reassembly expire
code with standard one) use the standard IPv6 reassembly
code(ip6_expire_frag_queue) to handle conntrack reassembly expire.

In ip6_expire_frag_queue, it invoke dev_get_by_index_rcu to get
which device received this expired packet.so we must save ifindex
when NF_conntrack get this packet.

With this patch applied, I can see ICMP Time Exceeded sent
from the receiver when the sender sent out 1/2 fragmented
IPv6 packet.

Signed-off-by: Haibo Xi <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/ipv6/netfilter/nf_conntrack_reasm.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
        else
                fq->q.fragments = skb;
 
-       skb->dev = NULL;
+       if (skb->dev) {
+               fq->iif = skb->dev->ifindex;
+               skb->dev = NULL;
+       }
        fq->q.stamp = skb->tstamp;
        fq->q.meat += skb->len;
        if (payload_len > fq->q.max_size)


Patches currently in stable-queue which might be from [email protected] are

queue-3.7/netfilter-nf_ct_reasm-fix-conntrack-reassembly-expire-code.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to