From patchwork Mon Feb 26 09:15:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Fietkau X-Patchwork-Id: 877751 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nbd.name Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nbd.name header.i=@nbd.name header.b="p0lRz2/Q"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zqblp1b0fz9s1b for ; Mon, 26 Feb 2018 20:15:50 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752324AbeBZJPt (ORCPT ); Mon, 26 Feb 2018 04:15:49 -0500 Received: from nbd.name ([46.4.11.11]:58222 "EHLO nbd.name" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751816AbeBZJP3 (ORCPT ); Mon, 26 Feb 2018 04:15:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=wW0OlBWlQJ9fNkr2dnRUUIhnGm5YMIJWPr3qitefz3I=; b=p0lRz2/Q8E3On2HmaftkK1xDsL 1zn0DSL15Ap6HTQS7TE0RrVyuWOZqgi2mZrkFa+m6axhlYFcyYn2ajH4JKyvmfjqJaQBT0Hv1EBhS oajIfZW9KO8cpBOXuRs7O1V4+q2V9LatOyFFjgFpUqjFWqm+FIQsK4vVcaQCI9plQcj8=; Received: by maeck.local (Postfix, from userid 501) id 7216715A0045; Mon, 26 Feb 2018 10:15:25 +0100 (CET) From: Felix Fietkau To: netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, nbd@nbd.name Subject: [PATCH v3 07/17] netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu Date: Mon, 26 Feb 2018 10:15:14 +0100 Message-Id: <20180226091524.47061-8-nbd@nbd.name> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180226091524.47061-1-nbd@nbd.name> References: <20180226091524.47061-1-nbd@nbd.name> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Allows the function to be shared with the IPv6 hook code Signed-off-by: Felix Fietkau --- net/netfilter/nf_flow_table_ip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index b4175642d657..5c4256a007f6 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -182,9 +182,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) if (skb->len <= mtu) return false; - if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) - return false; - if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) return false; @@ -223,7 +220,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) + if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && + (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) return NF_ACCEPT; if (skb_try_make_writable(skb, sizeof(*iph)))