From: Patrick McHardy <kaber@trash.net>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>,
Stephen Hemminger <shemminger@linux-foundation.org>
Subject: Re: [PATCH 3/3] bridge-netfilter: fix refragmenting IP traffic encapsulated in PPPoE traffic
Date: Thu, 15 Apr 2010 12:29:33 +0200 [thread overview]
Message-ID: <4BC6EA8D.2030602@trash.net> (raw)
In-Reply-To: <4BC5BFB4.4080101@pandora.be>
Bart De Schuymer wrote:
> bridge-netfilter: fix refragmenting IP traffic encapsulated in PPPoE
> traffic
>
> The MTU for IP traffic encapsulated inside PPPoE traffic is smaller
> than the MTU of the Ethernet device (1500). Connection tracking
> gathers all IP packets and sometimes will refragment them in
> ip_fragment(). We then need to subtract the length of the
> encapsulating header from the mtu used in ip_fragment(). The check in
> br_nf_dev_queue_xmit() which determines if ip_fragment() has to be
> called is also updated for the PPPoE-encapsulated packets.
> nf_bridge_copy_header() is also updated to make sure the PPPoE data
> length field has the correct value.
>
> Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
>
> --- nf-next-2.6/net/bridge/br_netfilter.c.ori3 2010-04-14 14:06:05.000000000 +0200
> +++ nf-next-2.6/net/bridge/br_netfilter.c 2010-04-14 14:11:34.000000000 +0200
> @@ -221,6 +221,8 @@ int nf_bridge_copy_header(struct sk_buff
> skb_copy_to_linear_data_offset(skb, -header_size,
> skb->nf_bridge->data, header_size);
> __skb_push(skb, nf_bridge_encap_header_len(skb));
> + if (unlikely(skb->protocol == htons(ETH_P_PPP_SES)))
> + ((struct pppoe_hdr *)skb->data)->length = htons(skb->len-sizeof(struct pppoe_hdr));
> return 0;
> }
>
> @@ -744,7 +746,7 @@ static unsigned int br_nf_forward_arp(un
> static int br_nf_dev_queue_xmit(struct sk_buff *skb)
> {
> if (skb->nfct != NULL && skb->protocol == htons(ETH_P_IP) &&
> - skb->len > skb->dev->mtu &&
> + skb->len + ((skb->nf_bridge->mask & BRNF_PPPoE) ? PPPOE_SES_HLEN:0) > skb->dev->mtu &&
> !skb_is_gso(skb))
> return ip_fragment(skb, br_dev_queue_push_xmit);
> else
> --- nf-next-2.6/net/ipv4/ip_output.c.ori 2010-04-14 14:01:28.000000000 +0200
> +++ nf-next-2.6/net/ipv4/ip_output.c 2010-04-14 14:02:41.000000000 +0200
> @@ -468,6 +468,10 @@ int ip_fragment(struct sk_buff *skb, int
>
> hlen = iph->ihl * 4;
> mtu = dst_mtu(&rt->u.dst) - hlen; /* Size of data space */
> +#ifdef CONFIG_BRIDGE_NETFILTER
> + if (unlikely(skb->nf_bridge && (skb->nf_bridge->mask & BRNF_PPPoE)))
> + mtu -= PPPOE_SES_HLEN;
> +#endif
I think it would be nice to encapsulate this in a small inline
function, perhaps nf_bridge_adjust_mtu(skb, mtu) or something
like that.
Please also fix the overly long lines.
next prev parent reply other threads:[~2010-04-15 10:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-14 13:14 [PATCH 3/3] bridge-netfilter: fix refragmenting IP traffic encapsulated in PPPoE traffic Bart De Schuymer
2010-04-15 10:29 ` Patrick McHardy [this message]
2010-04-20 13:33 ` Bart De Schuymer
2010-04-20 14:22 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BC6EA8D.2030602@trash.net \
--to=kaber@trash.net \
--cc=bdschuym@pandora.be \
--cc=netfilter-devel@vger.kernel.org \
--cc=shemminger@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.