| From foo@baz Wed May 28 21:03:54 PDT 2014 |
| From: Florian Westphal <fw@strlen.de> |
| Date: Mon, 5 May 2014 00:03:34 +0200 |
| Subject: net: ipv6: send pkttoobig immediately if orig frag |
| size > mtu |
| |
| From: Florian Westphal <fw@strlen.de> |
| |
| [ Upstream commit 418a31561d594a2b636c1e2fa94ecd9e1245abb1 ] |
| |
| If conntrack defragments incoming ipv6 frags it stores largest original |
| frag size in ip6cb and sets ->local_df. |
| |
| We must thus first test the largest original frag size vs. mtu, and not |
| vice versa. |
| |
| Without this patch PKTTOOBIG is still generated in ip6_fragment() later |
| in the stack, but |
| |
| 1) IPSTATS_MIB_INTOOBIGERRORS won't increment |
| 2) packet did (needlessly) traverse netfilter postrouting hook. |
| |
| Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path") |
| Signed-off-by: Florian Westphal <fw@strlen.de> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/ip6_output.c | 6 +++++- |
| 1 file changed, 5 insertions(+), 1 deletion(-) |
| |
| --- a/net/ipv6/ip6_output.c |
| +++ b/net/ipv6/ip6_output.c |
| @@ -344,12 +344,16 @@ static unsigned int ip6_dst_mtu_forward( |
| |
| static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) |
| { |
| - if (skb->len <= mtu || skb->local_df) |
| + if (skb->len <= mtu) |
| return false; |
| |
| + /* ipv6 conntrack defrag sets max_frag_size + local_df */ |
| if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu) |
| return true; |
| |
| + if (skb->local_df) |
| + return false; |
| + |
| if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) |
| return false; |
| |