ipv4: use sk_fullsock() in ipv4_conntrack_defrag()
authorEric Dumazet <edumazet@google.com>
Thu, 5 Nov 2015 19:34:06 +0000 (11:34 -0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Nov 2015 19:36:09 +0000 (14:36 -0500)
Before converting a 'socket pointer' into inet socket,
use sk_fullsock() to detect timewait or request sockets.

Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/nf_defrag_ipv4.c

index 0e5591c2ee9f6d66acb47ce2cbbf31403dc286f7..6fb869f646bf7a15b2f012cc1982c2a9f3d5935f 100644 (file)
@@ -67,10 +67,9 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
                                          const struct nf_hook_state *state)
 {
        struct sock *sk = skb->sk;
-       struct inet_sock *inet = inet_sk(skb->sk);
 
-       if (sk && (sk->sk_family == PF_INET) &&
-           inet->nodefrag)
+       if (sk && sk_fullsock(sk) && (sk->sk_family == PF_INET) &&
+           inet_sk(sk)->nodefrag)
                return NF_ACCEPT;
 
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)