IPv6 connection track and IPv6 stack separately use a different queue to manage received fragments. The former uses nf_ct_frag6_queue structure, the latter uses frag_queue structure. When creating new queue for IPv6 connection track, ip6_frag_init() that belongs to IPv6 stack is called to initial nf_ct_frag6_queue structure. This broken the saddr&daddr member in nf_ct_frag6_queue, and then hash value generated by nf_hashfn() is not equal with that generated by fq_find(). So, a new received fragment can't be inserted to right queue. The patch fixes the bug with protocol-related initialization routine. The patch-set have been tested. Signed-off-by: Shan Wei <shanwei@xxxxxxxxxxxxxx>
---
 include/net/ipv6.h | 1 - net/ipv6/netfilter/nf_conntrack_reasm.c | 13 ++++++++++++- net/ipv6/reassembly.c | 3 +-- 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index cbd768b..a7112da 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -364,7 +364,6 @@ struct ip6_create_arg {
 struct in6_addr *dst;
 };
-void ip6_frag_init(struct inet_frag_queue *q, void *a);
 static inline int ipv6_addr_any(const struct in6_addr *a)
 {
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 66b6161..4a61d14 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -146,6 +146,17 @@ static void nf_ct_frag6_evictor(void)
 local_bh_enable();
 }
+static void nf_ct_queue_init(struct inet_frag_queue *q, void *a)
+{
+ struct nf_ct_frag6_queue *fq;
+ struct ip6_create_arg *arg = a;
+
+ fq = container_of(q, struct nf_ct_frag6_queue, q);
+ fq->id = arg->id;
+ ipv6_addr_copy(&fq->saddr, arg->src);
+ ipv6_addr_copy(&fq->daddr, arg->dst);
+}
+
 static int nf_ct_frag_match(struct inet_frag_queue *q, void *a)
 {
 struct nf_ct_frag6_queue *fq;
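Review bot: The constructor defined in this hunk is `nf_ct_queue_init`, but the `@@ -672,7 +683,7 @@` hunk in nf_ct_frag6_init() assigns `nf_frags.constructor = nf_ct_frag_init;`, an identifier that no visible line of this patch declares, so the file presumably fails to build as posted. The two names must agree, for example `nf_frags.constructor = nf_ct_queue_init;` (or rename the function to match). Since the bug being fixed came from a constructor written for `struct frag_queue` being run on a `struct nf_ct_frag6_queue`, a short comment above the new function such as `/* inet_frags constructor: q is embedded in struct nf_ct_frag6_queue, never struct frag_queue */` would help keep the `container_of()` type and `nf_frags.qsize` in step.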
@@ -672,7 +683,7 @@ void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
 int nf_ct_frag6_init(void)
 {
 nf_frags.hashfn = nf_hashfn;
- nf_frags.constructor = ip6_frag_init;
+ nf_frags.constructor = nf_ct_frag_init;
 nf_frags.destructor = NULL;
 nf_frags.skb_free = nf_skb_free;
 nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 2fa4355..9f9b6a2 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -157,7 +157,7 @@ static inline void frag_kfree_skb(struct netns_frags *nf,
 kfree_skb(skb);
 }
-void ip6_frag_init(struct inet_frag_queue *q, void *a)
+static void ip6_frag_init(struct inet_frag_queue *q, void *a)
 {
 struct frag_queue *fq = container_of(q, struct frag_queue, q);
 struct ip6_create_arg *arg = a;
@@ -167,7 +167,6 @@ void ip6_frag_init(struct inet_frag_queue *q, void *a)
 ipv6_addr_copy(&fq->saddr, arg->src);
 ipv6_addr_copy(&fq->daddr, arg->dst);
 }
-EXPORT_SYMBOL(ip6_frag_init);
 /* Destruction primitives. */
--
1.6.3.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html