Re: WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89 nf_nat_fn+0x33/0x155()
From: Patrick McHardy
Date: Fri Oct 10 2008 - 09:52:07 EST
Nir Tzachar wrote:
Hello.
The following warning is reproducible with the code below on 2.6.25.6,
which uses sendmsg on a udp socket using two iovecs:
....
And I always get the following warning twice:
[ 6658.338116] ------------[ cut here ]------------
[ 6658.338121] WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89
nf_nat_fn+0x33/0x155()
Thanks for the report. Does this patch fix it?
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 5a955c4..5bd4833 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -92,7 +92,7 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
/* Conntrack defragments packets, we might still see fragments
* inside ICMP packets though. */
- if (iph->frag_off & htons(IP_OFFSET))
+ if (iph->frag_off & htons(IP_MF | IP_OFFSET))
return -NF_DROP;
*dataoff = nhoff + (iph->ihl << 2);