Commit d07c59df authored by Florian Westphal's avatar Florian Westphal Committed by Sasha Levin

netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING

[ Upstream commit 0b67c43c ]

We also need to save/store in forward, else br_parse_ip_options call
will zero frag_max_size as well.

Fixes: 93fdd47e ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING')
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent d08282c1
...@@ -650,6 +650,13 @@ static int br_nf_forward_finish(struct sk_buff *skb) ...@@ -650,6 +650,13 @@ static int br_nf_forward_finish(struct sk_buff *skb)
struct net_device *in; struct net_device *in;
if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) { if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) {
int frag_max_size;
if (skb->protocol == htons(ETH_P_IP)) {
frag_max_size = IPCB(skb)->frag_max_size;
BR_INPUT_SKB_CB(skb)->frag_max_size = frag_max_size;
}
in = nf_bridge->physindev; in = nf_bridge->physindev;
if (nf_bridge->mask & BRNF_PKT_TYPE) { if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST; skb->pkt_type = PACKET_OTHERHOST;
...@@ -709,9 +716,15 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops, ...@@ -709,9 +716,15 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops,
nf_bridge->mask |= BRNF_PKT_TYPE; nf_bridge->mask |= BRNF_PKT_TYPE;
} }
if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb)) if (pf == NFPROTO_IPV4) {
int frag_max = BR_INPUT_SKB_CB(skb)->frag_max_size;
if (br_parse_ip_options(skb))
return NF_DROP; return NF_DROP;
IPCB(skb)->frag_max_size = frag_max;
}
/* The physdev module checks on this */ /* The physdev module checks on this */
nf_bridge->mask |= BRNF_BRIDGED; nf_bridge->mask |= BRNF_BRIDGED;
nf_bridge->physoutdev = skb->dev; nf_bridge->physoutdev = skb->dev;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment