This is a note to let you know that I've just added the patch titled
net: ipv6: send pkttoobig immediately if orig frag size > mtu
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-ipv6-send-pkttoobig-immediately-if-orig-frag-size-mtu.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Wed May 28 20:43:09 PDT 2014
From: Florian Westphal <fw@xxxxxxxxx>
Date: Mon, 5 May 2014 00:03:34 +0200
Subject: net: ipv6: send pkttoobig immediately if orig frag size > mtu
From: Florian Westphal <fw@xxxxxxxxx>
[ Upstream commit 418a31561d594a2b636c1e2fa94ecd9e1245abb1 ]
If conntrack defragments incoming ipv6 frags it stores largest original
frag size in ip6cb and sets ->local_df.
We must thus first test the largest original frag size vs. mtu, and not
vice versa.
Without this patch PKTTOOBIG is still generated in ip6_fragment() later
in the stack, but
1) IPSTATS_MIB_INTOOBIGERRORS won't increment
2) packet did (needlessly) traverse netfilter postrouting hook.
Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path")
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/ipv6/ip6_output.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -347,12 +347,16 @@ static inline int ip6_forward_finish(str
static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
{
- if (skb->len <= mtu || skb->local_df)
+ if (skb->len <= mtu)
return false;
+ /* ipv6 conntrack defrag sets max_frag_size + local_df */
if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
return true;
+ if (skb->local_df)
+ return false;
+
if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
return false;
Patches currently in stable-queue which might be from fw@xxxxxxxxx are
queue-3.10/netfilter-can-t-fail-and-free-after-table-replacement.patch
queue-3.10/net-core-don-t-account-for-udp-header-size-when-computing-seglen.patch
queue-3.10/net-ipv6-send-pkttoobig-immediately-if-orig-frag-size-mtu.patch
queue-3.10/net-ipv4-ip_forward-fix-inverted-local_df-test.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html