Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: bridge: allow fragmentation of VLAN packets traversing a bridge

br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
VLAN packets. This results in dropping of large VLAN packets. This can be
observed when connection tracking is enabled. Connection tracking re-assembles
fragmented packets, and these have to be re-fragmented when transmitting out. Also,
make sure only refragmented packets are defragmented as per suggestion from
Patrick McHardy.

Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by hummerbliss@gmail.com and committed by Patrick McHardy
c197facc a0142733

+9 -1
net/bridge/br_netfilter.c
··· 788 788 return NF_STOLEN; 789 789 } 790 790 791 + #if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE) 791 792 static int br_nf_dev_queue_xmit(struct sk_buff *skb) 792 793 { 793 - if (skb->protocol == htons(ETH_P_IP) && 794 + if (skb->nfct != NULL && 795 + (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) && 794 796 skb->len > skb->dev->mtu && 795 797 !skb_is_gso(skb)) 796 798 return ip_fragment(skb, br_dev_queue_push_xmit); 797 799 else 798 800 return br_dev_queue_push_xmit(skb); 799 801 } 802 + #else 803 + static int br_nf_dev_queue_xmit(struct sk_buff *skb) 804 + { 805 + return br_dev_queue_push_xmit(skb); 806 + } 807 + #endif 800 808 801 809 /* PF_BRIDGE/POST_ROUTING ********************************************/ 802 810 static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
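Review bot: In br_nf_dev_queue_xmit(), the size test `skb->len > skb->dev->mtu` is unchanged for the new IS_VLAN_IP(skb) case, so please confirm whether skb->len includes the 4-byte VLAN header at this point and, if it does, that the fragments ip_fragment() produces still fit the MTU once the tag is counted. Separately, `skb->nfct != NULL` only says the skb carries a conntrack reference, not that it was reassembled, so a short comment explaining why it stands in for "was defragmented", and why the #else stub passes oversized packets straight to br_dev_queue_push_xmit(), would record the intent given in the commit message.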