iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2b60af0178
linux/net/ipv6/netfilter
History
Patrick McHardy 2b60af0178 netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments 
ICMPv6 error messages are tracked by extracting the conntrack tuple of
the inner packet and looking up the corresponding conntrack entry. Tuple
extraction uses the ->get_l4proto() callback, which in case of fragments
returns NEXTHDR_FRAGMENT instead of the upper protocol, even for the
first fragment when the entire next header is present, resulting in a
failure to find the correct connection tracking entry.

This patch changes ipv6_get_l4proto() to use ipv6_skip_exthdr() instead
of nf_ct_ipv6_skip_exthdr() in order to skip fragment headers when the
fragment offset is zero.

Signed-off-by: Patrick McHardy <kaber@trash.net>
2012-08-30 03:00:11 +02:00
..
ip6_tables.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
ip6t_ah.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_hbh.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_ipv6header.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_REJECT.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
ip6t_rpfilter.c netfilter: add ipv6 reverse path filter match 2011-12-13 11:34:43 +01:00
ip6t_rt.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6table_filter.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_mangle.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_raw.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_security.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
Kconfig netfilter: remove ip_queue support 2012-05-08 20:25:42 +02:00
Makefile netfilter: remove ip_queue support 2012-05-08 20:25:42 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments 2012-08-30 03:00:11 +02:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_reasm.c netfilter: nf_conntrack_ipv6: improve fragmentation handling 2012-08-30 03:00:10 +02:00
nf_defrag_ipv6_hooks.c Fix common misspellings 2011-03-31 11:26:23 -03:00