diff options
author | David Woodhouse <dwmw2@infradead.org> | 2007-10-13 13:43:54 (GMT) |
---|---|---|
committer | David Woodhouse <dwmw2@infradead.org> | 2007-10-13 13:43:54 (GMT) |
commit | b160292cc216a50fd0cd386b0bda2cd48352c73b (patch) | |
tree | ef07cf98f91353ee4c9ec1e1ca7a2a5d9d4b538a /net/ipv4/netfilter | |
parent | b37bde147890c8fea8369a5a4e230dabdea4ebfb (diff) | |
parent | bbf25010f1a6b761914430f5fca081ec8c7accd1 (diff) | |
download | linux-fsl-qoriq-b160292cc216a50fd0cd386b0bda2cd48352c73b.tar.xz |
Merge Linux 2.6.23
Diffstat (limited to 'net/ipv4/netfilter')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 11 |
3 files changed, 6 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index d1149ab..29114a9 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1161,6 +1161,7 @@ static struct nf_sockopt_ops arpt_sockopts = { .get_optmin = ARPT_BASE_CTL, .get_optmax = ARPT_SO_GET_MAX+1, .get = do_arpt_get_ctl, + .owner = THIS_MODULE, }; static int __init arp_tables_init(void) diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index e1b402c..6486894 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -2296,6 +2296,7 @@ static struct nf_sockopt_ops ipt_sockopts = { #ifdef CONFIG_COMPAT .compat_get = compat_do_ipt_get_ctl, #endif + .owner = THIS_MODULE, }; static struct xt_match icmp_matchstruct __read_mostly = { diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index d9b5177..f813e02 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c @@ -87,14 +87,10 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, if (iph == NULL) return -NF_DROP; - /* Never happen */ - if (iph->frag_off & htons(IP_OFFSET)) { - if (net_ratelimit()) { - printk(KERN_ERR "ipv4_get_l4proto: Frag of proto %u\n", - iph->protocol); - } + /* Conntrack defragments packets, we might still see fragments + * inside ICMP packets though. */ + if (iph->frag_off & htons(IP_OFFSET)) return -NF_DROP; - } *dataoff = nhoff + (iph->ihl << 2); *protonum = iph->protocol; @@ -403,6 +399,7 @@ static struct nf_sockopt_ops so_getorigdst = { .get_optmin = SO_ORIGINAL_DST, .get_optmax = SO_ORIGINAL_DST+1, .get = &getorigdst, + .owner = THIS_MODULE, }; struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = { |