From mboxrd@z Thu Jan 1 00:00:00 1970 From: Felix Fietkau Subject: [RFC 7/9] netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu Date: Sat, 17 Feb 2018 12:12:04 +0100 Message-ID: <20180217111206.37312-7-nbd@nbd.name> References: <20180217111206.37312-1-nbd@nbd.name> Cc: pablo@netfilter.org, nbd@nbd.name To: netfilter-devel@vger.kernel.org Return-path: Received: from nbd.name ([46.4.11.11]:54292 "EHLO nbd.name" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751096AbeBQLML (ORCPT ); Sat, 17 Feb 2018 06:12:11 -0500 In-Reply-To: <20180217111206.37312-1-nbd@nbd.name> Sender: netfilter-devel-owner@vger.kernel.org List-ID: Allows the function to be shared with the IPv6 hook code Signed-off-by: Felix Fietkau --- net/netfilter/nf_flow_table_ip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 7c97126ace0e..79976c25891b 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -181,9 +181,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) if (skb->len <= mtu) return false; - if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) - return false; - if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) return false; @@ -222,7 +219,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) + if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && + (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) return NF_ACCEPT; if (skb_try_make_writable(skb, sizeof(*iph))) -- 2.14.2