netfilter: nf_ct_reasm: fix conntrack reassembly expire code

commit 97cf00e93cc24898493e7a058105e3215257ee04 upstream. Commit b836c99fd6c9 (ipv6: unify conntrack reassembly expire code with standard one) use the standard IPv6 reassembly code(ip6_expire_frag_queue) to handle conntrack reassembly expire. In ip6_expire_frag_queue, it invoke dev_get_by_index_rcu to get which device received this expired packet.so we must save ifindex when NF_conntrack get this packet. With this patch applied, I can see ICMP Time Exceeded sent from the receiver when the sender sent out 1/2 fragmented IPv6 packet. Signed-off-by: Haibo Xi <haibbo@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Haibo Xi <haibbo@gmail.com> 2012-12-06 23:42:17 +0000
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2013-02-03 18:27:06 -0600
commit: 950d73bf1b0da05186948457cdc4b957d5dbdc7c (patch)
tree: a754f88bbd125b86f4a78ee2f868043cbed137f3 /net
parent: 93beec7f7bba67a025f4038ebfadaa8d14c9042e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 22c8ea951185..3dacecc99065 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
 	else
 		fq->q.fragments = skb;
 
-	skb->dev = NULL;
+	if (skb->dev) {
+		fq->iif = skb->dev->ifindex;
+		skb->dev = NULL;
+	}
 	fq->q.stamp = skb->tstamp;
 	fq->q.meat += skb->len;
 	if (payload_len > fq->q.max_size)
author	Haibo Xi <haibbo@gmail.com>	2012-12-06 23:42:17 +0000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-02-03 18:27:06 -0600
commit	950d73bf1b0da05186948457cdc4b957d5dbdc7c (patch)
tree	a754f88bbd125b86f4a78ee2f868043cbed137f3 /net
parent	93beec7f7bba67a025f4038ebfadaa8d14c9042e (diff)