dect/linux-2.6
Archived
14
0
Fork 0
Code Releases Activity

[NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages

Browse source 
Since we're now using a generic tuple decoding function in ICMP
connection tracking, ipv4_get_l4proto() might get called with a
fragmented packet from within an ICMP error. Remove the error
message we used to print when this happens.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2007-09-11 11:27:01 +02:00 committed by David S. Miller
parent 66eb50d5c9
commit 0fb9670137
1 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View file

@ -87,14 +87,10 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
if (iph == NULL)
return -NF_DROP;
/* Never happen */
if (iph->frag_off & htons(IP_OFFSET)) {
if (net_ratelimit()) {
printk(KERN_ERR "ipv4_get_l4proto: Frag of proto %u\n",
iph->protocol);
}
/* Conntrack defragments packets, we might still see fragments
* inside ICMP packets though. */
if (iph->frag_off & htons(IP_OFFSET))
return -NF_DROP;
}
*dataoff = nhoff + (iph->ihl << 2);
*protonum = iph->protocol;