leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu

Browse Source 
Allows the function to be shared with the IPv6 hook code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Felix Fietkau 2018-02-26 10:15:14 +01:00 committed by Pablo Neira Ayuso
parent 7d20868717
commit 3aeb51d7e7
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/netfilter/nf_flow_table_ip.c
View File

@ -182,9 +182,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
if (skb->len <= mtu) if (skb->len <= mtu)
return false; return false;
if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0)
return false;
if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu)) if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
return false; return false;
@ -223,7 +220,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
(ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
return NF_ACCEPT; return NF_ACCEPT;
if (skb_try_make_writable(skb, sizeof(*iph))) if (skb_try_make_writable(skb, sizeof(*iph)))