Commit fa254511 authored Aug 06, 2024 by Tom Hughes Committed by Greg Kroah-Hartman Sep 04, 2024

netfilter: allow ipv6 fragments to arrive on different devices



[ Upstream commit 3cd740b9 ]

Commit 264640fc ("ipv6: distinguish frag queues by device
for multicast and link-local packets") modified the ipv6 fragment
reassembly logic to distinguish frag queues by device for multicast
and link-local packets but in fact only the main reassembly code
limits the use of the device to those address types and the netfilter
reassembly code uses the device for all packets.

This means that if fragments of a packet arrive on different interfaces
then netfilter will fail to reassemble them and the fragments will be
expired without going any further through the filters.

Fixes: 648700f7 ("inet: frags: use rhashtables for reassembly units")
Signed-off-by: Tom Hughes <tom@compton.nu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 81de530a

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 4c8c55d1
· Nov 05, 2025

mentioned in commit 4c8c55d1

mentioned in commit 4c8c55d13dfa0cb6acc22c1ec089e43d4225082f

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 55fa1563
· Nov 05, 2025

mentioned in commit 55fa1563

mentioned in commit 55fa1563f58ec6073fda5c889ead5025ee490f60

Toggle commit list

Please to comment