blob: 4ee5532438cfc8ffb85bcd192577446c1db6f27d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From: Felix Fietkau <nbd@nbd.name>
Date: Sat, 17 Feb 2018 11:51:20 +0100
Subject: [PATCH] netfilter: nf_flow_table: move ip header check out of
nf_flow_exceeds_mtu
Allows the function to be shared with the IPv6 hook code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -181,9 +181,6 @@ static bool nf_flow_exceeds_mtu(const st
if (skb->len <= mtu)
return false;
- if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0)
- return false;
-
if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
return false;
@@ -222,7 +219,8 @@ nf_flow_offload_ip_hook(void *priv, stru
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
- if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)))
+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
+ (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
return NF_ACCEPT;
if (skb_try_make_writable(skb, sizeof(*iph)))
|
