diff options
| author |   Patrick McHardy <kaber@trash.net> | 2010-02-19 18:18:37 +0100 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-19 18:18:37 +0100 |
| commit | 9e2dcf72023d1447f09c47d77c99b0c49659e5ce (patch) | |
| tree | 38fdd50b7344f1cc6447a8420df313e74e0ccf7c /net/netfilter | |
| parent | netfilter: nf_queue: fix NF_STOLEN skb leak (diff) | |
| download | linux-dev-9e2dcf72023d1447f09c47d77c99b0c49659e5ce.tar.xz linux-dev-9e2dcf72023d1447f09c47d77c99b0c49659e5ce.zip | |
netfilter: nf_conntrack_reasm: properly handle packets fragmented into a single fragment
When an ICMPV6_PKT_TOOBIG message is received with a MTU below 1280,
all further packets include a fragment header.
Unlike regular defragmentation, conntrack also needs to "reassemble"
those fragments in order to obtain a packet without the fragment
header for connection tracking. Currently nf_conntrack_reasm checks
whether a fragment has either IP6_MF set or an offset != 0, which
makes it ignore those fragments.
Remove the invalid check and make reassembly handle fragment queues
containing only a single fragment.
Reported-and-tested-by: Ulrich Weber <uweber@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
0 files changed, 0 insertions, 0 deletions