diff options
author | Patrick McHardy <kaber@trash.net> | 2009-12-15 16:59:18 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-12-15 16:59:18 +0100 |
commit | 0b5ccb2ee250136dd7385b1c7da28417d0d4d32d (patch) | |
tree | b0630141672471d5c800867cd8dbee425308bc73 /include/net | |
parent | 9abfe315de96aa5c9878b2f627542bc54901c6e9 (diff) | |
download | kernel-crypto-0b5ccb2ee250136dd7385b1c7da28417d0d4d32d.tar.gz kernel-crypto-0b5ccb2ee250136dd7385b1c7da28417d0d4d32d.tar.xz kernel-crypto-0b5ccb2ee250136dd7385b1c7da28417d0d4d32d.zip |
ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery
Currently the same reassembly queue might be used for packets reassembled
by conntrack in different positions in the stack (PREROUTING/LOCAL_OUT),
as well as local delivery. This can cause "packet jumps" when the fragment
completing a reassembled packet is queued from a different position in the
stack than the previous ones.
Add a "user" identifier to the reassembly queue key to seperate the queues
of each caller, similar to what we do for IPv4.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ipv6.h | 7 | ||||
-rw-r--r-- | include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 92db8617d18..d6916035bce 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -350,8 +350,15 @@ static inline int ipv6_prefix_equal(const struct in6_addr *a1, struct inet_frag_queue; +enum ip6_defrag_users { + IP6_DEFRAG_LOCAL_DELIVER, + IP6_DEFRAG_CONNTRACK_IN, + IP6_DEFRAG_CONNTRACK_OUT, +}; + struct ip6_create_arg { __be32 id; + u32 user; struct in6_addr *src; struct in6_addr *dst; }; diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h index abc55ad75c2..1ee717eb5b0 100644 --- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h +++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h @@ -9,7 +9,7 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6; extern int nf_ct_frag6_init(void); extern void nf_ct_frag6_cleanup(void); -extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb); +extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user); extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, struct net_device *in, struct net_device *out, |