| Message ID | 4B5E53EE.9010703@cn.fujitsu.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Shan Wei <shanwei@cn.fujitsu.com> Date: Tue, 26 Jan 2010 10:31:10 +0800 > IPv6 connection track and IPv6 stack separately use a different queue to > manage received fragments. The former uses nf_ct_frag6_queue structure, > the latter uses frag_queue structure. > > When creating new queue for IPv6 connection track, ip6_frag_init() > that belongs to IPv6 stack is called to initial nf_ct_frag6_queue structure. > This broken the saddr&daddr member in nf_ct_frag6_queue, and then hash value > generated by nf_hashfn() is not equal with that generated by fq_find(). > So, a new received fragment can't be inserted to right queue. > > The patch fixes the bug with protocol-related initialization routine. > The patch-set have been tested. > > Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> This breakage was recently introduced by: commit 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d Author: Patrick McHardy <kaber@trash.net> Date: Tue Dec 15 16:59:18 2009 +0100 ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery Currently the same reassembly queue might be used for packets reassembled by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT), as well as local delivery. This can cause "packet jumps" when the fragment completing a reassembled packet is queued from a different position in the stack than the previous ones. Add a "user" identifier to the reassembly queue key to seperate the queues of each caller, similar to what we do for IPv4. Signed-off-by: Patrick McHardy <kaber@trash.net> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Patches looks good to me. But nf_ct_frag_match in the this patch is added by [PATCH 2/2]. Subject mistake ? -- Yasuyuki Kozakai From: Shan Wei <shanwei@cn.fujitsu.com> Date: Tue, 26 Jan 2010 10:31:10 +0800 > > IPv6 connection track and IPv6 stack separately use a different queue to > manage received fragments. The former uses nf_ct_frag6_queue structure, > the latter uses frag_queue structure. > > When creating new queue for IPv6 connection track, ip6_frag_init() > that belongs to IPv6 stack is called to initial nf_ct_frag6_queue structure. > This broken the saddr&daddr member in nf_ct_frag6_queue, and then hash value > generated by nf_hashfn() is not equal with that generated by fq_find(). > So, a new received fragment can't be inserted to right queue. > > The patch fixes the bug with protocol-related initialization routine. > The patch-set have been tested. > > > Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> > --- > include/net/ipv6.h | 1 - > net/ipv6/netfilter/nf_conntrack_reasm.c | 13 ++++++++++++- > net/ipv6/reassembly.c | 3 +-- > 3 files changed, 13 insertions(+), 4 deletions(-) > > diff --git a/include/net/ipv6.h b/include/net/ipv6.h > index cbd768b..a7112da 100644 > --- a/include/net/ipv6.h > +++ b/include/net/ipv6.h > @@ -364,7 +364,6 @@ struct ip6_create_arg { > struct in6_addr *dst; > }; > > -void ip6_frag_init(struct inet_frag_queue *q, void *a); > > static inline int ipv6_addr_any(const struct in6_addr *a) > { > diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c > index 66b6161..4a61d14 100644 > --- a/net/ipv6/netfilter/nf_conntrack_reasm.c > +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c > @@ -146,6 +146,17 @@ static void nf_ct_frag6_evictor(void) > local_bh_enable(); > } > > +static void nf_ct_queue_init(struct inet_frag_queue *q, void *a) > +{ > + struct nf_ct_frag6_queue *fq; > + struct ip6_create_arg *arg = a; > + > + fq = container_of(q, struct nf_ct_frag6_queue, q); > + fq->id = arg->id; > + ipv6_addr_copy(&fq->saddr, arg->src); > + ipv6_addr_copy(&fq->daddr, arg->dst); > +} > + > static int nf_ct_frag_match(struct inet_frag_queue *q, void *a) > { > struct nf_ct_frag6_queue *fq; > @@ -672,7 +683,7 @@ void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, > int nf_ct_frag6_init(void) > { > nf_frags.hashfn = nf_hashfn; > - nf_frags.constructor = ip6_frag_init; > + nf_frags.constructor = nf_ct_frag_init; > nf_frags.destructor = NULL; > nf_frags.skb_free = nf_skb_free; > nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); > diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c > index 2fa4355..9f9b6a2 100644 > --- a/net/ipv6/reassembly.c > +++ b/net/ipv6/reassembly.c > @@ -157,7 +157,7 @@ static inline void frag_kfree_skb(struct netns_frags *nf, > kfree_skb(skb); > } > > -void ip6_frag_init(struct inet_frag_queue *q, void *a) > +static void ip6_frag_init(struct inet_frag_queue *q, void *a) > { > struct frag_queue *fq = container_of(q, struct frag_queue, q); > struct ip6_create_arg *arg = a; > @@ -167,7 +167,6 @@ void ip6_frag_init(struct inet_frag_queue *q, void *a) > ipv6_addr_copy(&fq->saddr, arg->src); > ipv6_addr_copy(&fq->daddr, arg->dst); > } > -EXPORT_SYMBOL(ip6_frag_init); > > /* Destruction primitives. */ > > -- > 1.6.3.3 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index cbd768b..a7112da 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -364,7 +364,6 @@ struct ip6_create_arg { struct in6_addr *dst; }; -void ip6_frag_init(struct inet_frag_queue *q, void *a); static inline int ipv6_addr_any(const struct in6_addr *a) { diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 66b6161..4a61d14 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -146,6 +146,17 @@ static void nf_ct_frag6_evictor(void) local_bh_enable(); } +static void nf_ct_queue_init(struct inet_frag_queue *q, void *a) +{ + struct nf_ct_frag6_queue *fq; + struct ip6_create_arg *arg = a; + + fq = container_of(q, struct nf_ct_frag6_queue, q); + fq->id = arg->id; + ipv6_addr_copy(&fq->saddr, arg->src); + ipv6_addr_copy(&fq->daddr, arg->dst); +} + static int nf_ct_frag_match(struct inet_frag_queue *q, void *a) { struct nf_ct_frag6_queue *fq; @@ -672,7 +683,7 @@ void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, int nf_ct_frag6_init(void) { nf_frags.hashfn = nf_hashfn; - nf_frags.constructor = ip6_frag_init; + nf_frags.constructor = nf_ct_frag_init; nf_frags.destructor = NULL; nf_frags.skb_free = nf_skb_free; nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 2fa4355..9f9b6a2 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -157,7 +157,7 @@ static inline void frag_kfree_skb(struct netns_frags *nf, kfree_skb(skb); } -void ip6_frag_init(struct inet_frag_queue *q, void *a) +static void ip6_frag_init(struct inet_frag_queue *q, void *a) { struct frag_queue *fq = container_of(q, struct frag_queue, q); struct ip6_create_arg *arg = a; @@ -167,7 +167,6 @@ void ip6_frag_init(struct inet_frag_queue *q, void *a) ipv6_addr_copy(&fq->saddr, arg->src); ipv6_addr_copy(&fq->daddr, arg->dst); } -EXPORT_SYMBOL(ip6_frag_init); /* Destruction primitives. */
IPv6 connection track and IPv6 stack separately use a different queue to manage received fragments. The former uses nf_ct_frag6_queue structure, the latter uses frag_queue structure. When creating new queue for IPv6 connection track, ip6_frag_init() that belongs to IPv6 stack is called to initial nf_ct_frag6_queue structure. This broken the saddr&daddr member in nf_ct_frag6_queue, and then hash value generated by nf_hashfn() is not equal with that generated by fq_find(). So, a new received fragment can't be inserted to right queue. The patch fixes the bug with protocol-related initialization routine. The patch-set have been tested. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> --- include/net/ipv6.h | 1 - net/ipv6/netfilter/nf_conntrack_reasm.c | 13 ++++++++++++- net/ipv6/reassembly.c | 3 +-- 3 files changed, 13 insertions(+), 4 deletions(-)