From: Shan Wei <shanwei@xxxxxxxxxxxxxx>
Date: Tue, 26 Jan 2010 10:31:10 +0800
> IPv6 connection track and IPv6 stack separately use a different queue to
> manage received fragments. The former uses nf_ct_frag6_queue structure,
> the latter uses frag_queue structure.
>
> When creating new queue for IPv6 connection track, ip6_frag_init()
> that belongs to IPv6 stack is called to initial nf_ct_frag6_queue structure.
> This broken the saddr&daddr member in nf_ct_frag6_queue, and then hash value
> generated by nf_hashfn() is not equal with that generated by fq_find().
> So, a new received fragment can't be inserted to right queue.
>
> The patch fixes the bug with protocol-related initialization routine.
> The patch-set have been tested.
>
> Signed-off-by: Shan Wei <shanwei@xxxxxxxxxxxxxx>
This breakage was recently introduced by:
commit 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d
Author: Patrick McHardy <kaber@xxxxxxxxx>
Date: Tue Dec 15 16:59:18 2009 +0100
ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery
Currently the same reassembly queue might be used for packets reassembled
by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
as well as local delivery. This can cause "packet jumps" when the fragment
completing a reassembled packet is queued from a different position in the
stack than the previous ones.
Add a "user" identifier to the reassembly queue key to seperate the queues
of each caller, similar to what we do for IPv4.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
