netfilter: nf_ct_reasm: fix conntrack reassembly expire code

commit 97cf00e93cc24898493e7a058105e3215257ee04 upstream.

Commit b836c99fd6c9 (ipv6: unify conntrack reassembly expire
code with standard one) use the standard IPv6 reassembly
code(ip6_expire_frag_queue) to handle conntrack reassembly expire.

In ip6_expire_frag_queue, it invoke dev_get_by_index_rcu to get
which device received this expired packet.so we must save ifindex
when NF_conntrack get this packet.

With this patch applied, I can see ICMP Time Exceeded sent
from the receiver when the sender sent out 1/2 fragmented
IPv6 packet.

Signed-off-by: Haibo Xi <haibbo@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 22c8ea9511852e963b982ad68ed7066bda262ad2..3dacecc9906597e3f44fa9475dda0afb8f4981c2 100644 (file)
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -311,7 +311,10 @@ found:
        else
                fq->q.fragments = skb;
 
-       skb->dev = NULL;
+       if (skb->dev) {
+               fq->iif = skb->dev->ifindex;
+               skb->dev = NULL;
+       }
        fq->q.stamp = skb->tstamp;
        fq->q.meat += skb->len;
        if (payload_len > fq->q.max_size)