diff options
| author | David S. Miller <davem@davemloft.net> | 2015-05-19 00:15:50 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-05-19 00:15:50 -0400 |
| commit | 76d7c457659dfc05d5a23cd0b21fea333d1788cd (patch) | |
| tree | 446c416b396c4561bd5616f6fba2ef52c43c8d06 /include | |
| parent | a2ad5d2ad96e8d5b3b8f33583a82eae78dce4d49 (diff) | |
| parent | 49d16b23cd1e61c028ee088c5a64e9ac6a9c6147 (diff) | |
| download | cachepc-linux-76d7c457659dfc05d5a23cd0b21fea333d1788cd.tar.gz cachepc-linux-76d7c457659dfc05d5a23cd0b21fea333d1788cd.zip | |
Merge branch 'icmp_frag'
Andy Zhou says:
====================
fragmentation ICMP
Currently, we send ICMP packets when errors occur during fragmentation or
de-fragmentation. However, it is a bug when sending those ICMP packets
in the context of using netfilter for bridging.
Those ICMP packets are only expected in the context of routing, not in
bridging mode.
The local stack is not involved in bridging forward decisions, thus
should be not used for deciding the reverse path for those ICMP messages.
This bug only affects IPV4, not in IPv6.
v1->v2: restructure the patches into two patches that fix defragmentation and
fragmentation respectively.
A bit is add in IPCB to control whether ICMP packet should be
generated for defragmentation.
Fragmentation ICMP is now removed by restructuring the
ip_fragment() API.
v2->v3: Add droping icmp for bridging contrack users
drop exporting ip_fragment() API.
v3->v4: Remove unnecessary parentheses in 'return' statements
v4->v5: Drop the patch that sets and checks a bit in IPCB
that prevents ip_defrag to send ICMP.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/ip.h | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/include/net/ip.h b/include/net/ip.h index 0ed6d768e606..cd7a6a458bb6 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -108,8 +108,8 @@ int ip_local_deliver(struct sk_buff *skb); int ip_mr_input(struct sk_buff *skb); int ip_output(struct sock *sk, struct sk_buff *skb); int ip_mc_output(struct sock *sk, struct sk_buff *skb); -int ip_fragment(struct sock *sk, struct sk_buff *skb, - int (*output)(struct sock *, struct sk_buff *)); +int ip_do_fragment(struct sock *sk, struct sk_buff *skb, + int (*output)(struct sock *, struct sk_buff *)); int ip_do_nat(struct sk_buff *skb); void ip_send_check(struct iphdr *ip); int __ip_local_out(struct sk_buff *skb); @@ -478,6 +478,16 @@ enum ip_defrag_users { IP_DEFRAG_MACVLAN, }; +/* Return true if the value of 'user' is between 'lower_bond' + * and 'upper_bond' inclusively. + */ +static inline bool ip_defrag_user_in_between(u32 user, + enum ip_defrag_users lower_bond, + enum ip_defrag_users upper_bond) +{ + return user >= lower_bond && user <= upper_bond; +} + int ip_defrag(struct sk_buff *skb, u32 user); #ifdef CONFIG_INET struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user); |