On Tue, Nov 29, 2016 at 02:17:34AM +0100, Florian Westphal wrote:
> Dmitry Vyukov reported GPF in network stack that Andrey traced down to
> negative nh offset in nf_ct_frag6_queue().
>
> Problem is that all network headers before fragment header are pulled.
> Normal ipv6 reassembly will drop the skb when errors occur further down
> the line.
>
> netfilter doesn't do this, and instead passed the original fragment
> along. That was also fine back when netfilter ipv6 defrag worked with
> cloned fragments, as the original, pristine fragment was passed on.
>
> So we either have to undo the pull op, or discard such fragments.
> Since they're malformed after all (e.g. overlapping fragment) it seems
> preferable to just drop them.
>
> Same for temporary errors -- it doesn't make sense to accept (and
> perhaps forward!) only some fragments of same datagram.

Applied, thanks!
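The policy the quoted message settles on (drop a malformed or overlapping fragment, and never pass on only some fragments of a datagram) can be illustrated with a small user-space model. The C below is an added example, not kernel or netfilter code: it keeps a toy reassembly queue, refuses any fragment that overlaps one already queued, and discards the whole queue on error instead of forwarding the fragments received so far. Offsets and lengths are plain byte counts here (real IPv6 fragment offsets are in 8-octet units), and the sample fragment sets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One fragment of a datagram: byte offset into the original payload,
 * payload length carried, and the "more fragments" flag (constructed model). */
struct frag { uint32_t offset; uint32_t len; int more; };

enum verdict { FRAG_QUEUE = 0, FRAG_COMPLETE = 1, FRAG_DROP = -1 };

#define MAX_FRAGS 16

struct reasm_queue {
    struct frag frags[MAX_FRAGS];
    size_t n;
    int last_seen;      /* fragment with more == 0 already queued? */
    uint32_t total_len; /* payload length implied by that last fragment */
};

static void queue_init(struct reasm_queue *q) { memset(q, 0, sizeof *q); }

/* Add one fragment. FRAG_DROP on a malformed fragment (zero length, overlap
 * with a queued fragment, data beyond the established end), FRAG_COMPLETE
 * when the fragments now cover [0, total_len) without gaps, else FRAG_QUEUE. */
static enum verdict queue_add(struct reasm_queue *q, struct frag f)
{
    uint32_t start = f.offset, end = f.offset + f.len;
    if (f.len == 0 || q->n >= MAX_FRAGS) return FRAG_DROP;

    for (size_t i = 0; i < q->n; i++) {
        uint32_t s = q->frags[i].offset, e = s + q->frags[i].len;
        if (start < e && s < end) return FRAG_DROP; /* overlapping fragment */
    }
    if (!f.more) {
        if (q->last_seen && q->total_len != end) return FRAG_DROP; /* two different ends */
        q->last_seen = 1;
        q->total_len = end;
    } else if (q->last_seen && end > q->total_len) {
        return FRAG_DROP; /* data past the end announced by the last fragment */
    }
    q->frags[q->n++] = f;

    if (!q->last_seen) return FRAG_QUEUE;
    /* No overlaps and every fragment lies in [0, total_len), so the lengths
     * summing to total_len means there are no gaps either. */
    uint32_t covered = 0;
    for (size_t i = 0; i < q->n; i++) covered += q->frags[i].len;
    return covered == q->total_len ? FRAG_COMPLETE : FRAG_QUEUE;
}

/* Feed a whole fragment sequence through a fresh queue. On any error the
 * queue is discarded, so earlier fragments are not passed along either;
 * this is the behaviour the message argues for. */
static enum verdict process_datagram(const struct frag *fs, size_t n)
{
    struct reasm_queue q;
    enum verdict v = FRAG_QUEUE;
    queue_init(&q);
    for (size_t i = 0; i < n; i++) {
        v = queue_add(&q, fs[i]);
        if (v == FRAG_DROP) { queue_init(&q); return FRAG_DROP; }
    }
    return v;
}

/* Constructed sample fragment sets. */
static const struct frag sample_clean[]   = { {0, 1000, 1}, {1000, 500, 0} };
static const struct frag sample_overlap[] = { {0, 1000, 1}, {500, 600, 0} };
static const struct frag sample_partial[] = { {0, 1000, 1} };
static const struct frag sample_pastend[] = { {0, 1000, 0}, {1000, 100, 1} };

int main(void)
{
    printf("clean:    %d\n", process_datagram(sample_clean, 2));   /* 1 = complete */
    printf("overlap:  %d\n", process_datagram(sample_overlap, 2)); /* -1 = drop */
    printf("partial:  %d\n", process_datagram(sample_partial, 1)); /* 0 = queued */
    printf("past end: %d\n", process_datagram(sample_pastend, 2)); /* -1 = drop */
    return 0;
}
```

The overlap check is deliberately strict: any byte already covered by a queued fragment makes the new one malformed, which matches the message's view that such fragments are not worth repairing, only dropping.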