diff options
author | Andy Zhou <azhou@nicira.com> | 2015-05-15 14:15:37 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-05-19 00:15:39 -0400 |
commit | 49d16b23cd1e61c028ee088c5a64e9ac6a9c6147 (patch) | |
tree | 446c416b396c4561bd5616f6fba2ef52c43c8d06 /include | |
parent | 8bc04864ac89616e55fc8a196dd32b7066433ea8 (diff) | |
download | linux-49d16b23cd1e61c028ee088c5a64e9ac6a9c6147.tar.bz2 |
bridge_netfilter: No ICMP packet on IPv4 fragmentation error
When bridge netfilter re-fragments an IP packet for output, all
packets that can not be re-fragmented to their original input size
should be silently discarded.
However, current bridge netfilter output path generates an ICMP packet
with 'size exceeded MTU' message for such packets, this is a bug.
This patch refactors the ip_fragment() API to allow two separate
use cases. The bridge netfilter user case will not
send ICMP, the routing output will, as before.
Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/ip.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/ip.h b/include/net/ip.h index 43f6f39df9fc..cd7a6a458bb6 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -108,8 +108,8 @@ int ip_local_deliver(struct sk_buff *skb); int ip_mr_input(struct sk_buff *skb); int ip_output(struct sock *sk, struct sk_buff *skb); int ip_mc_output(struct sock *sk, struct sk_buff *skb); -int ip_fragment(struct sock *sk, struct sk_buff *skb, - int (*output)(struct sock *, struct sk_buff *)); +int ip_do_fragment(struct sock *sk, struct sk_buff *skb, + int (*output)(struct sock *, struct sk_buff *)); int ip_do_nat(struct sk_buff *skb); void ip_send_check(struct iphdr *ip); int __ip_local_out(struct sk_buff *skb); |