From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
davem@davemloft.net, Patrick McHardy <kaber@trash.net>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 06/22] NETFILTER: Fix fragmentation issues with bridge netfilter
Date: Thu, 13 Apr 2006 16:07:28 -0700
Message-ID: <20060413230728.GG5613@kroah.com>
In-Reply-To: <20060413230637.GA5613@kroah.com>
[-- Attachment #1: netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch --]
[-- Type: text/plain, Size: 3335 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
[NETFILTER]: Fix fragmentation issues with bridge netfilter
The conntrack code doesn't do re-fragmentation of defragmented packets
anymore but relies on fragmentation in the IP layer. Purely bridged
packets don't pass through the IP layer, so the bridge netfilter code
needs to take care of fragmentation itself.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/net/ip.h | 1 +
net/bridge/br_netfilter.c | 13 +++++++++++--
net/ipv4/ip_output.c | 6 +++---
3 files changed, 15 insertions(+), 5 deletions(-)
--- linux-2.6.16.5.orig/include/net/ip.h
+++ linux-2.6.16.5/include/net/ip.h
@@ -95,6 +95,7 @@ extern int ip_local_deliver(struct sk_b
extern int ip_mr_input(struct sk_buff *skb);
extern int ip_output(struct sk_buff *skb);
extern int ip_mc_output(struct sk_buff *skb);
+extern int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
extern int ip_do_nat(struct sk_buff *skb);
extern void ip_send_check(struct iphdr *ip);
extern int ip_queue_xmit(struct sk_buff *skb, int ipfragok);
--- linux-2.6.16.5.orig/net/bridge/br_netfilter.c
+++ linux-2.6.16.5/net/bridge/br_netfilter.c
@@ -739,6 +739,15 @@ out:
return NF_STOLEN;
}
+static int br_nf_dev_queue_xmit(struct sk_buff *skb)
+{
+ if (skb->protocol == htons(ETH_P_IP) &&
+ skb->len > skb->dev->mtu &&
+ !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size))
+ return ip_fragment(skb, br_dev_queue_push_xmit);
+ else
+ return br_dev_queue_push_xmit(skb);
+}
/* PF_BRIDGE/POST_ROUTING ********************************************/
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
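Review bot: br_nf_dev_queue_xmit() has no comment explaining why a bridge transmit path calls ip_fragment(); the reason is only in the commit message (conntrack no longer refragments, and purely bridged packets never pass through the IP layer). Please add a short comment above the function, and say why skbs with ufo_size or tso_size set are exempt from the skb->len > skb->dev->mtu test. The test also only matches skb->protocol == htons(ETH_P_IP), so any oversized non-IPv4 frame goes straight to br_dev_queue_push_xmit(); if that is intended, note it. Minor style: the else after the return is unnecessary.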
@@ -798,7 +807,7 @@ static unsigned int br_nf_post_routing(u
realoutdev = nf_bridge->netoutdev;
#endif
NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev,
- br_dev_queue_push_xmit);
+ br_nf_dev_queue_xmit);
return NF_STOLEN;
@@ -843,7 +852,7 @@ static unsigned int ip_sabotage_out(unsi
if ((out->hard_start_xmit == br_dev_xmit &&
okfn != br_nf_forward_finish &&
okfn != br_nf_local_out_finish &&
- okfn != br_dev_queue_push_xmit)
+ okfn != br_nf_dev_queue_xmit)
#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
|| ((out->priv_flags & IFF_802_1Q_VLAN) &&
VLAN_DEV_INFO(out)->real_dev->hard_start_xmit == br_dev_xmit)
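Review bot: in ip_sabotage_out() the okfn != br_dev_queue_push_xmit test is replaced rather than extended, so this condition now holds for any caller that still passes br_dev_queue_push_xmit as okfn on a bridge device. Please confirm that br_nf_post_routing() was the only such caller reaching this hook, or keep both comparisons. Because this check depends on function-pointer identity with the NF_HOOK call in br_nf_post_routing(), a comment tying the two together would help keep them in sync.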
--- linux-2.6.16.5.orig/net/ipv4/ip_output.c
+++ linux-2.6.16.5/net/ipv4/ip_output.c
@@ -86,8 +86,6 @@
int sysctl_ip_default_ttl = IPDEFTTL;
-static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*));
-
/* Generate a checksum for an outgoing IP datagram. */
__inline__ void ip_send_check(struct iphdr *iph)
{
@@ -421,7 +419,7 @@ static void ip_copy_metadata(struct sk_b
* single device frame, and queue such a frame for sending.
*/
-static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
+int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
{
struct iphdr *iph;
int raw = 0;
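Review bot: with static dropped, ip_fragment() becomes an interface for callers outside ip_output.c, but the comment above it still describes only the internal behaviour. Please document what a caller must guarantee about the skb it passes in and whether the skb is consumed when an error is returned, since br_nf_dev_queue_xmit() hands the return value straight back to its caller.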
@@ -673,6 +671,8 @@ fail:
return err;
}
+EXPORT_SYMBOL(ip_fragment);
+
int
ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
{
--