netfilter: bridge: allow fragmentation of VLAN packets traversing a bridge
br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not VLAN packets. This results in dropping of large VLAN packets. This can be observed when connection tracking is enabled. Connection tracking re-assembles fragmented packets, and these have to re-fragmented when transmitting out. Also, make sure only refragmented packets are defragmented as per suggestion from Patrick McHardy. Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
a0142733a7
commit
c197facc8e
@ -788,15 +788,23 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
|
||||
return NF_STOLEN;
|
||||
}
|
||||
|
||||
#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
|
||||
static int br_nf_dev_queue_xmit(struct sk_buff *skb)
|
||||
{
|
||||
if (skb->protocol == htons(ETH_P_IP) &&
|
||||
if (skb->nfct != NULL &&
|
||||
(skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
|
||||
skb->len > skb->dev->mtu &&
|
||||
!skb_is_gso(skb))
|
||||
return ip_fragment(skb, br_dev_queue_push_xmit);
|
||||
else
|
||||
return br_dev_queue_push_xmit(skb);
|
||||
}
|
||||
#else
|
||||
static int br_nf_dev_queue_xmit(struct sk_buff *skb)
|
||||
{
|
||||
return br_dev_queue_push_xmit(skb);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* PF_BRIDGE/POST_ROUTING ********************************************/
|
||||
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
|
||||
|
Loading…
Reference in New Issue
Block a user