bridge_netfilter: No ICMP packet on IPv4 fragmentation error - linux

diff options

author	Andy Zhou <azhou@nicira.com>	2015-05-15 23:15:37 +0200
committer	David S. Miller <davem@davemloft.net>	2015-05-19 06:15:39 +0200
commit	49d16b23cd1e61c028ee088c5a64e9ac6a9c6147 (patch)
tree	446c416b396c4561bd5616f6fba2ef52c43c8d06 /block
parent	IPv4: skip ICMP for bridge contrack users when defrag expires (diff)
download	linux-49d16b23cd1e61c028ee088c5a64e9ac6a9c6147.tar.xz linux-49d16b23cd1e61c028ee088c5a64e9ac6a9c6147.zip

bridge_netfilter: No ICMP packet on IPv4 fragmentation error

When bridge netfilter re-fragments an IP packet for output, all packets that can not be re-fragmented to their original input size should be silently discarded. However, current bridge netfilter output path generates an ICMP packet with 'size exceeded MTU' message for such packets, this is a bug. This patch refactors the ip_fragment() API to allow two separate use cases. The bridge netfilter user case will not send ICMP, the routing output will, as before. Signed-off-by: Andy Zhou <azhou@nicira.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'block')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: