[NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages

Since we're now using a generic tuple decoding function in ICMP
connection tracking, ipv4_get_l4proto() might get called with a
fragmented packet from within an ICMP error. Remove the error
message we used to print when this happens.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index d9b5177..53cb177 100644 (file)
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -87,14 +87,10 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
        if (iph == NULL)
                return -NF_DROP;
 
-       /* Never happen */
-       if (iph->frag_off & htons(IP_OFFSET)) {
-               if (net_ratelimit()) {
-                       printk(KERN_ERR "ipv4_get_l4proto: Frag of proto %u\n",
-                       iph->protocol);
-               }
+       /* Conntrack defragments packets, we might still see fragments
+        * inside ICMP packets though. */
+       if (iph->frag_off & htons(IP_OFFSET))
                return -NF_DROP;
-       }
 
        *dataoff = nhoff + (iph->ihl << 2);
        *protonum = iph->protocol;