You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.0 KiB
32 lines
1.0 KiB
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Sat, 17 Feb 2018 11:51:20 +0100
|
|
Subject: [PATCH] netfilter: nf_flow_table: move ip header check out of
|
|
nf_flow_exceeds_mtu
|
|
|
|
Allows the function to be shared with the IPv6 hook code
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
|
|
--- a/net/netfilter/nf_flow_table_ip.c
|
|
+++ b/net/netfilter/nf_flow_table_ip.c
|
|
@@ -181,9 +181,6 @@ static bool nf_flow_exceeds_mtu(const st
|
|
if (skb->len <= mtu)
|
|
return false;
|
|
|
|
- if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0)
|
|
- return false;
|
|
-
|
|
if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
|
|
return false;
|
|
|
|
@@ -222,7 +219,8 @@ nf_flow_offload_ip_hook(void *priv, stru
|
|
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
|
|
rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
|
|
|
|
- if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)))
|
|
+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
|
|
+ (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
|
|
return NF_ACCEPT;
|
|
|
|
if (skb_try_make_writable(skb, sizeof(*iph)))
|
|
|