Russell King wrote:
I don't know if the code is using fragment lists in ip_fragment(), butNice spotting. If conntrack isn't loaded defragmentation happens after
on reading the code a question comes to mind: if we have a list of
fragments, does each fragment skb have a valid (and refcounted) dst
pointer before ip_fragment() does it's job? If yes, then isn't the
first ip_copy_metadata() in ip_fragment() going to overwrite this
pointer without dropping the refcount?
routing, so this is likely the cause.
OTOH, if conntrack isn't loaded forwarded packet are never defragmented,
so frag_list should be empty. So probably false alarm, sorry.