diff options
author | Florian Westphal <fw@strlen.de> | 2015-04-01 22:36:27 +0200 |
---|---|---|
committer | Sasha Levin <sasha.levin@oracle.com> | 2015-05-17 19:12:30 -0400 |
commit | d07c59df9ff1f75f5ce0a9af7e9a4b9da8739078 (patch) | |
tree | 1d206a8932f627e501322f26646a16282eb99905 /net | |
parent | d08282c148c574d5ef8d81f657a6e64d49da1d88 (diff) |
netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
[ Upstream commit 0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f ]
We also need to save/store in forward, else br_parse_ip_options call
will zero frag_max_size as well.
Fixes: 93fdd47e5 ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/br_netfilter.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 1a4f32c09ad5..f076a8ede00b 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -650,6 +650,13 @@ static int br_nf_forward_finish(struct sk_buff *skb) struct net_device *in; if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) { + int frag_max_size; + + if (skb->protocol == htons(ETH_P_IP)) { + frag_max_size = IPCB(skb)->frag_max_size; + BR_INPUT_SKB_CB(skb)->frag_max_size = frag_max_size; + } + in = nf_bridge->physindev; if (nf_bridge->mask & BRNF_PKT_TYPE) { skb->pkt_type = PACKET_OTHERHOST; @@ -709,8 +716,14 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops, nf_bridge->mask |= BRNF_PKT_TYPE; } - if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb)) - return NF_DROP; + if (pf == NFPROTO_IPV4) { + int frag_max = BR_INPUT_SKB_CB(skb)->frag_max_size; + + if (br_parse_ip_options(skb)) + return NF_DROP; + + IPCB(skb)->frag_max_size = frag_max; + } /* The physdev module checks on this */ nf_bridge->mask |= BRNF_BRIDGED; |