Maciej Żenczykowski <zenczykow...@gmail.com> wrote:

I am currently travelling and not able to investigate until next week.
> commit ad8b1ffc3efae2f65080bdb11145c87d299b8f9a > Author: Florian Westphal <f...@strlen.de> > netfilter: ipv6: nf_defrag: drop skb dst before queueing > > +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c > @@ -618,6 +618,8 @@ int nf_ct_frag6_gather(struct net *net, struct > sk_buff *skb, u32 user) > fq->q.meat == fq->q.len && > nf_ct_frag6_reasm(fq, skb, dev)) > ret = 0; > + else > + skb_dst_drop(skb);

This is only supposed to drop dst of skbs that are enqueued, i.e. frag6_gather returns NF_STOLEN. In case skb completes the queue, then that skb's dst_entry is supposed to be kept, so skb_dst() does NOT return NULL. It's not supposed to be any different than ipv4 defrag.

> const struct dst_entry *dst = skb_dst(skb); // returns NULL

That is not supposed to happen.
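
Review bot: the new `else` at the end of the hunk is bound to the whole multi-clause condition that ends in `fq->q.meat == fq->q.len && nf_ct_frag6_reasm(fq, skb, dev)`, so `skb_dst_drop(skb)` runs whenever any clause is false, including the path where the queue is complete but nf_ct_frag6_reasm() returns false. The hunk does not show whether the skb is still owned by the queue on every one of those paths. If the intent is "drop dst only for skbs that stay queued", a short comment above the `else` stating that invariant would help, and it is worth confirming that no path that hands the skb back to the caller passes through this branch, since a later `skb_dst(skb)` on such an skb would see NULL.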