Message ID | 1402600480-24248-1-git-send-email-kamal@canonical.com |
---|---|
State | New |
Headers | show |
Kamal Mostafa <kamal@canonical.com> wrote: > This is a note to let you know that I have just added a patch titled > > net: ipv4: ip_forward: fix inverted local_df test > > to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree > which can be found at: > > http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue > > This patch is scheduled to be released in version 3.13.11.4. > > If you, or anyone else, feels it should not be added to this tree, please > reply to this email. > > For more information about the 3.13.y.z tree, see > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable > > Thanks. > -Kamal > > ------ > > From c5eb00aa7a470b73f2eea35d6e34cd163676c540 Mon Sep 17 00:00:00 2001 > From: Florian Westphal <fw@strlen.de> > Date: Sun, 4 May 2014 23:24:31 +0200 > Subject: net: ipv4: ip_forward: fix inverted local_df test > > [ Upstream commit ca6c5d4ad216d5942ae544bbf02503041bd802aa ] > > local_df means 'ignore DF bit if set', so if its set we're > allowed to perform ip fragmentation. > This wasn't noticed earlier because the output path also drops such skbs > (and emits needed icmp error) and because netfilter ip defrag did not > set local_df until couple of days ago. > Only difference is that DF-packets-larger-than MTU now discarded > earlier (f.e. we avoid pointless netfilter postrouting trip). You either need to remove this patch from the queue, or also queue upstream 895162b1101b3ea5db08ca6822ae9672717efec0, otherwise netfilter reassembled packets that exceed dst mtu are dropped.
On Thu, 2014-06-12 at 21:24 +0200, Florian Westphal wrote: > Kamal Mostafa <kamal@canonical.com> wrote: > > This is a note to let you know that I have just added a patch titled > > > > net: ipv4: ip_forward: fix inverted local_df test > > > > to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree > > which can be found at: > > > > http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue > > > > This patch is scheduled to be released in version 3.13.11.4. > > > > If you, or anyone else, feels it should not be added to this tree, please > > reply to this email. > > > > For more information about the 3.13.y.z tree, see > > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable > > > > Thanks. > > -Kamal > > > > ------ > > > > From c5eb00aa7a470b73f2eea35d6e34cd163676c540 Mon Sep 17 00:00:00 2001 > > From: Florian Westphal <fw@strlen.de> > > Date: Sun, 4 May 2014 23:24:31 +0200 > > Subject: net: ipv4: ip_forward: fix inverted local_df test > > > > [ Upstream commit ca6c5d4ad216d5942ae544bbf02503041bd802aa ] > > > > local_df means 'ignore DF bit if set', so if its set we're > > allowed to perform ip fragmentation. > > > This wasn't noticed earlier because the output path also drops such skbs > > (and emits needed icmp error) and because netfilter ip defrag did not > > set local_df until couple of days ago. > > Only difference is that DF-packets-larger-than MTU now discarded > > earlier (f.e. we avoid pointless netfilter postrouting trip). > > You either need to remove this patch from the queue, > or also queue upstream 895162b1101b3ea5db08ca6822ae9672717efec0, > otherwise netfilter reassembled packets that exceed dst mtu are dropped. > Thanks Florian! I will queue up 895162b netfilter: ipv4: defrag: set local_df flag on defragmented skb as well. -Kamal
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 98d7e53..bd1c5ba 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c @@ -42,12 +42,12 @@ static bool ip_may_fragment(const struct sk_buff *skb) { return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) || - !skb->local_df; + skb->local_df; } static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) { - if (skb->len <= mtu || skb->local_df) + if (skb->len <= mtu) return false; if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)