From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Florian Westphal , Pablo Neira Ayuso Subject: [PATCH 5.1 03/96] netfilter: nf_flow_table: ignore DF bit setting Date: Mon, 8 Jul 2019 17:12:35 +0200 Message-Id: <20190708150526.452638247@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190708150526.234572443@linuxfoundation.org> References: <20190708150526.234572443@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Florian Westphal commit e75b3e1c9bc5b997d09bdf8eb72ab3dd3c1a7072 upstream. Its irrelevant if the DF bit is set or not, we must pass packet to stack in either case. If the DF bit is set, we must pass it to stack so the appropriate ICMP error can be generated. If the DF is not set, we must pass it to stack for fragmentation. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_flow_table_ip.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -246,8 +246,7 @@ nf_flow_offload_ip_hook(void *priv, stru flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); rt = (struct rtable *)flow->tuplehash[dir].tuple.dst_cache; - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) && - (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0) + if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) return NF_ACCEPT; if (skb_try_make_writable(skb, sizeof(*iph)))
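Review bot: The simplified check at `if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)))` has no comment explaining why an oversized packet is returned with NF_ACCEPT regardless of DF; the reasoning (ICMP error when DF is set, fragmentation when it is not) lives only in the commit message. A one-line comment above the check, for example `/* oversized: let the stack fragment or send the ICMP error */`, would make it less likely that a later change reintroduces the DF test. The commit message also carries no Fixes: tag naming the change that added the DF condition, which would help in judging how far back this applies.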