Bug#254645: fix?
tag 254645 +pending +patch
quit
On Sun, Oct 24, 2004 at 09:55:08PM -0400, Clint Adams wrote:
>
> I hope that
>
> net/ipv4/netfilter/ip_conntrack_core.c@1.68
>
> fixes the problem; I have not tested it.
For the record, a backport of this patch has been put into SVN.
Feedback is welcome.
--
Horms
#! /bin/sh -e
## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Description: check for already tracked/untracked before fragment check
## DP: Patch author: kaber@coreworks.de
## DP: Upstream status: backport from 2.6.9
. $(dirname $0)/DPATCH
@DPATCH@
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/09/28 20:34:58-07:00 kaber@coreworks.de
# [NETFILTER]: move check for already tracked/untracked before fragment check
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
# Signed-off-by: David S. Miller <davem@davemloft.net>
#
# net/ipv4/netfilter/ip_conntrack_core.c
# 2004/09/28 20:34:27-07:00 kaber@coreworks.de +6 -6
# [NETFILTER]: move check for already tracked/untracked before fragment check
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
# Signed-off-by: David S. Miller <davem@davemloft.net>
#
# Ported to 2.6.8 for Debian by Horms
#
--- a/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-25 12:50:52.000000000 +0900
+++ b/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-25 12:51:10.000000000 +0900
@@ -795,6 +795,10 @@
int set_reply;
int ret;
+ /* Previously seen (loopback or untracked)? Ignore. */
+ if ((*pskb)->nfct)
+ return NF_ACCEPT;
+
/* Never happen */
if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) {
if (net_ratelimit()) {
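Review bot: The early return added at the top, `if ((*pskb)->nfct) return NF_ACCEPT;`, now sits ahead of the fragment test commented "Never happen", and the comment carried over with it does not say that this ordering is the purpose of the change. An skb that already has nfct set and still has a fragment offset is now accepted without reaching that test or its net_ratelimit() branch. I would extend the comment to say the check must stay before the fragment test, so a later cleanup does not move it back down. The DP: description could also name Bug#254645, since as written it does not tie the backport to the report.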
@@ -822,10 +826,6 @@
}
#endif
- /* Previously seen (loopback or untracked)? Ignore. */
- if ((*pskb)->nfct)
- return NF_ACCEPT;
-
proto = ip_ct_find_proto((*pskb)->nh.iph->protocol);
/* It may be an icmp error... */
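Review bot: The removed check sat directly after the `#endif`, so the conditional block that ends there, which this hunk does not show, used to run for skbs with nfct already set and no longer does, because they now return before it. Please confirm against the 2.6.8 tree that nothing in that block was needed for previously seen (loopback or untracked) packets; the line offsets were adjusted by hand for this port, and the thread says the upstream change had not been tested when it was proposed. A short note in the dpatch header on how the backport was verified would help.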