summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVasily Averin <vvs@parallels.com>2014-05-03 03:14:04 +0400
committerPablo Neira Ayuso <pablo@netfilter.org>2014-05-05 16:02:59 +0200
commit7c3d5ab1f35f5475b1a1fbe74143683cfc092d33 (patch)
treeaad2a03121cd3c149702d6d6535d1ac001a61b2a
parentecd15dd7e45f3683fa8142b9f2c015dfaa0c243d (diff)
ipv4: fix "conntrack zones" support for defrag user check in ip_expire
Defrag user check in ip_expire was not updated after adding support for "conntrack zones". This bug manifests as a RFC violation, since the router will send the icmp time exceeeded message when using conntrack zones. Signed-off-by: Vasily Averin <vvs@openvz.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/ipv4/ip_fragment.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index c10a3ce5cbff..ed32313e307c 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -232,8 +232,9 @@ static void ip_expire(unsigned long arg)
* "Fragment Reassembly Timeout" message, per RFC792.
*/
if (qp->user == IP_DEFRAG_AF_PACKET ||
- (qp->user == IP_DEFRAG_CONNTRACK_IN &&
- skb_rtable(head)->rt_type != RTN_LOCAL))
+ ((qp->user >= IP_DEFRAG_CONNTRACK_IN) &&
+ (qp->user <= __IP_DEFRAG_CONNTRACK_IN_END) &&
+ (skb_rtable(head)->rt_type != RTN_LOCAL)))
goto out_rcu_unlock;