diff options
| author | David S. Miller | 2018-08-06 02:16:46 +0200 |
|---|---|---|
| committer | David S. Miller | 2018-08-06 02:16:46 +0200 |
| commit | c30f1fc041b74ecdb072dd44f858750414b8b19f (patch) | |
| tree | 4ecb0bb64c8baa58162b3f03046c0643a140ece0 /net/ipv6/netfilter/nf_conntrack_reasm.c | |
| parent | net/tls: Mark the end in scatterlist table (diff) | |
| parent | ip: use rb trees for IP frag queue. (diff) | |
| download | kernel-qcow2-linux-c30f1fc041b74ecdb072dd44f858750414b8b19f.tar.gz kernel-qcow2-linux-c30f1fc041b74ecdb072dd44f858750414b8b19f.tar.xz kernel-qcow2-linux-c30f1fc041b74ecdb072dd44f858750414b8b19f.zip | |
Merge branch 'ip-Use-rb-trees-for-IP-frag-queue'
Peter Oskolkov says:
====================
ip: Use rb trees for IP frag queue.
This patchset
* changes IPv4 defrag behavior to match that of IPv6: overlapping
fragments now cause the whole IP datagram to be discarded (suggested
by David Miller): there are no legitimate use cases for overlapping
fragments;
* changes IPv4 defrag queue from a list to a rb tree (suggested
by Eric Dumazet): this change removes a potential attach vector.
Upcoming patches will contain similar changes for IPv6 frag queue,
as well as a comprehensive IP defrag self-test (temporarily delayed).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/netfilter/nf_conntrack_reasm.c')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 0610bdab721c..38d69ef516d5 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -463,6 +463,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct net_devic head->csum); fq->q.fragments = NULL; + fq->q.rb_fragments = RB_ROOT; fq->q.fragments_tail = NULL; return true; |