diff options
author | Eric Dumazet <edumazet@google.com> | 2015-11-05 20:34:06 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-11-05 20:36:09 +0100 |
commit | f668f5f7e0861087ef9d64d473a9c1399fc25471 (patch) | |
tree | 1c8d2a2a9ac34b6b5340a1d102288c7f1aa33e22 /net | |
parent | tcp: fix req->saved_syn race (diff) | |
download | linux-f668f5f7e0861087ef9d64d473a9c1399fc25471.tar.xz linux-f668f5f7e0861087ef9d64d473a9c1399fc25471.zip |
ipv4: use sk_fullsock() in ipv4_conntrack_defrag()
Before converting a 'socket pointer' into inet socket,
use sk_fullsock() to detect timewait or request sockets.
Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/nf_defrag_ipv4.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index 0e5591c2ee9f..6fb869f646bf 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -67,10 +67,9 @@ static unsigned int ipv4_conntrack_defrag(void *priv, const struct nf_hook_state *state) { struct sock *sk = skb->sk; - struct inet_sock *inet = inet_sk(skb->sk); - if (sk && (sk->sk_family == PF_INET) && - inet->nodefrag) + if (sk && sk_fullsock(sk) && (sk->sk_family == PF_INET) && + inet_sk(sk)->nodefrag) return NF_ACCEPT; #if IS_ENABLED(CONFIG_NF_CONNTRACK) |