diff options
author | Felix Fietkau <nbd@nbd.name> | 2018-02-26 12:15:14 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-04-24 11:28:15 +0300 |
commit | 3aeb51d7e7b8dcc641a4238b162ed72fdc2c0b23 (patch) | |
tree | b47edd322c576e60dc1b674b8e9552ae1c31ced1 /net/netfilter/nf_flow_table_ip.c | |
parent | 7d208687176292f4cba4dbb850087a0d6ed2b414 (diff) | |
download | linux-3aeb51d7e7b8dcc641a4238b162ed72fdc2c0b23.tar.xz |
netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu
Allows the function to be shared with the IPv6 hook code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_flow_table_ip.c')
-rw-r--r-- | net/netfilter/nf_flow_table_ip.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 034fda963392..103263e0c7c2 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -182,9 +182,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu) if (skb->len <= mtu) return false; - if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) - return false; - if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu)) return false; @@ -223,7 +220,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache; - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) + if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && + (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) return NF_ACCEPT; if (skb_try_make_writable(skb, sizeof(*iph))) |