diff options
| author | David S. Miller <davem@davemloft.net> | 2018-08-05 17:16:46 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-08-05 17:16:46 -0700 |
| commit | c30f1fc041b74ecdb072dd44f858750414b8b19f (patch) | |
| tree | 4ecb0bb64c8baa58162b3f03046c0643a140ece0 /net/ipv6/netfilter | |
| parent | cfb4099fb4c101dad283a163c9525240ef4a1a99 (diff) | |
| parent | fa0f527358bd900ef92f925878ed6bfbd51305cc (diff) | |
| download | linux-c30f1fc041b74ecdb072dd44f858750414b8b19f.tar.bz2 | |
Merge branch 'ip-Use-rb-trees-for-IP-frag-queue'
Peter Oskolkov says:
====================
ip: Use rb trees for IP frag queue.
This patchset
* changes IPv4 defrag behavior to match that of IPv6: overlapping
fragments now cause the whole IP datagram to be discarded (suggested
by David Miller): there are no legitimate use cases for overlapping
fragments;
* changes IPv4 defrag queue from a list to a rb tree (suggested
by Eric Dumazet): this change removes a potential attach vector.
Upcoming patches will contain similar changes for IPv6 frag queue,
as well as a comprehensive IP defrag self-test (temporarily delayed).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/netfilter')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 0610bdab721c..38d69ef516d5 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -463,6 +463,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct net_devic head->csum); fq->q.fragments = NULL; + fq->q.rb_fragments = RB_ROOT; fq->q.fragments_tail = NULL; return true; |