Patch "net: ipv4: ip_forward: fix inverted local_df test" has been added to the 3.14-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 28 May 2014 21:15:33 -0700

This is a note to let you know that I've just added the patch titled

    net: ipv4: ip_forward: fix inverted local_df test

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-ipv4-ip_forward-fix-inverted-local_df-test.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Wed May 28 21:03:54 PDT 2014
From: Florian Westphal <fw@xxxxxxxxx>
Date: Sun, 4 May 2014 23:24:31 +0200
Subject: net: ipv4: ip_forward: fix inverted local_df test

From: Florian Westphal <fw@xxxxxxxxx>

[ Upstream commit ca6c5d4ad216d5942ae544bbf02503041bd802aa ]

local_df means 'ignore DF bit if set', so if its set we're
allowed to perform ip fragmentation.

This wasn't noticed earlier because the output path also drops such skbs
(and emits needed icmp error) and because netfilter ip defrag did not
set local_df until couple of days ago.

Only difference is that DF-packets-larger-than MTU now discarded
earlier (f.e. we avoid pointless netfilter postrouting trip).

While at it, drop the repeated test ip_exceeds_mtu, checking it once
is enough...

Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path")
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/ip_forward.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -42,12 +42,12 @@
 static bool ip_may_fragment(const struct sk_buff *skb)
 {
 	return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
-	       !skb->local_df;
+		skb->local_df;
 }
 
 static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
 {
-	if (skb->len <= mtu || skb->local_df)
+	if (skb->len <= mtu)
 		return false;
 
 	if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)


Patches currently in stable-queue which might be from fw@xxxxxxxxx are

queue-3.14/net-ipv6-send-pkttoobig-immediately-if-orig-frag.patch
queue-3.14/netfilter-can-t-fail-and-free-after-table-replacement.patch
queue-3.14/net-core-don-t-account-for-udp-header-size-when-computing-seglen.patch
queue-3.14/net-ipv4-ip_forward-fix-inverted-local_df-test.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







