diff options
author | Patrick McHardy <kaber@trash.net> | 2012-08-26 19:13:55 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2012-08-26 19:13:55 +0200 |
commit | 5f2d04f1f9b52604fca6ee08a77972c0df67e082 (patch) | |
tree | f4caa0aa602f6044f1fc20c6dfa89527183803d1 /net/ipv4/ip_output.c | |
parent | packet: Protect packet sk list with mutex (v2) (diff) | |
download | linux-5f2d04f1f9b52604fca6ee08a77972c0df67e082.tar.xz linux-5f2d04f1f9b52604fca6ee08a77972c0df67e082.zip |
ipv4: fix path MTU discovery with connection tracking
IPv4 conntrack defragments incoming packet at the PRE_ROUTING hook and
(in case of forwarded packets) refragments them at POST_ROUTING
independent of the IP_DF flag. Refragmentation uses the dst_mtu() of
the local route without caring about the original fragment sizes,
thereby breaking PMTUD.
This patch fixes this by keeping track of the largest received fragment
with IP_DF set and generates an ICMP fragmentation required error during
refragmentation if that size exceeds the MTU.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_output.c')
-rw-r--r-- | net/ipv4/ip_output.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index c196d749daf2..a5beab1dc958 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -467,7 +467,9 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) iph = ip_hdr(skb); - if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) { + if (unlikely(((iph->frag_off & htons(IP_DF)) && !skb->local_df) || + (IPCB(skb)->frag_max_size && + IPCB(skb)->frag_max_size > dst_mtu(&rt->dst)))) { IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(ip_skb_dst_mtu(skb))); |