| From foo@baz Wed May 28 21:03:54 PDT 2014 |
| From: Florian Westphal <fw@strlen.de> |
| Date: Sun, 4 May 2014 23:24:31 +0200 |
| Subject: net: ipv4: ip_forward: fix inverted local_df test |
| |
| From: Florian Westphal <fw@strlen.de> |
| |
| [ Upstream commit ca6c5d4ad216d5942ae544bbf02503041bd802aa ] |
| |
| local_df means 'ignore DF bit if set', so if its set we're |
| allowed to perform ip fragmentation. |
| |
| This wasn't noticed earlier because the output path also drops such skbs |
| (and emits needed icmp error) and because netfilter ip defrag did not |
| set local_df until couple of days ago. |
| |
| Only difference is that DF-packets-larger-than MTU now discarded |
| earlier (f.e. we avoid pointless netfilter postrouting trip). |
| |
| While at it, drop the repeated test ip_exceeds_mtu, checking it once |
| is enough... |
| |
| Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path") |
| Signed-off-by: Florian Westphal <fw@strlen.de> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv4/ip_forward.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/ipv4/ip_forward.c |
| +++ b/net/ipv4/ip_forward.c |
| @@ -42,12 +42,12 @@ |
| static bool ip_may_fragment(const struct sk_buff *skb) |
| { |
| return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) || |
| - !skb->local_df; |
| + skb->local_df; |
| } |
| |
| static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) |
| { |
| - if (skb->len <= mtu || skb->local_df) |
| + if (skb->len <= mtu) |
| return false; |
| |
| if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) |