Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

[cascardo/linux.git] / net / ipv4 / ip_fragment.c

diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index cc1da6d..a50dc6d 100644 (file)
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -75,6 +75,7 @@ struct ipq {
        __be16          id;
        u8              protocol;
        u8              ecn; /* RFC3168 support */
+       u16             max_df_size; /* largest frag with DF set seen */
        int             iif;
        unsigned int    rid;
        struct inet_peer *peer;
@@ -173,6 +174,15 @@ static void ipq_kill(struct ipq *ipq)
        inet_frag_kill(&ipq->q, &ip4_frags);
 }
 
+static bool frag_expire_skip_icmp(u32 user)
+{
+       return user == IP_DEFRAG_AF_PACKET ||
+              ip_defrag_user_in_between(user, IP_DEFRAG_CONNTRACK_IN,
+                                        __IP_DEFRAG_CONNTRACK_IN_END) ||
+              ip_defrag_user_in_between(user, IP_DEFRAG_CONNTRACK_BRIDGE_IN,
+                                        __IP_DEFRAG_CONNTRACK_BRIDGE_IN);
+}
+
 /*
  * Oops, a fragment queue timed out.  Kill it and send an ICMP reply.
  */
@@ -217,10 +227,8 @@ static void ip_expire(unsigned long arg)
                /* Only an end host needs to send an ICMP
                 * "Fragment Reassembly Timeout" message, per RFC792.
                 */
-               if (qp->user == IP_DEFRAG_AF_PACKET ||
-                   ((qp->user >= IP_DEFRAG_CONNTRACK_IN) &&
-                    (qp->user <= __IP_DEFRAG_CONNTRACK_IN_END) &&
-                    (skb_rtable(head)->rt_type != RTN_LOCAL)))
+               if (frag_expire_skip_icmp(qp->user) &&
+                   (skb_rtable(head)->rt_type != RTN_LOCAL))
                        goto out_rcu_unlock;
 
                /* Send an ICMP "Fragment Reassembly Timeout" message. */
@@ -319,6 +327,7 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
 {
        struct sk_buff *prev, *next;
        struct net_device *dev;
+       unsigned int fragsize;
        int flags, offset;
        int ihl, end;
        int err = -ENOENT;
@@ -474,9 +483,14 @@ found:
        if (offset == 0)
                qp->q.flags |= INET_FRAG_FIRST_IN;
 
+       fragsize = skb->len + ihl;
+
+       if (fragsize > qp->q.max_size)
+               qp->q.max_size = fragsize;
+
        if (ip_hdr(skb)->frag_off & htons(IP_DF) &&
-           skb->len + ihl > qp->q.max_size)
-               qp->q.max_size = skb->len + ihl;
+           fragsize > qp->max_df_size)
+               qp->max_df_size = fragsize;
 
        if (qp->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
            qp->q.meat == qp->q.len) {
@@ -606,13 +620,27 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
        head->next = NULL;
        head->dev = dev;
        head->tstamp = qp->q.stamp;
-       IPCB(head)->frag_max_size = qp->q.max_size;
+       IPCB(head)->frag_max_size = max(qp->max_df_size, qp->q.max_size);
 
        iph = ip_hdr(head);
-       /* max_size != 0 implies at least one fragment had IP_DF set */
-       iph->frag_off = qp->q.max_size ? htons(IP_DF) : 0;
        iph->tot_len = htons(len);
        iph->tos |= ecn;
+
+       /* When we set IP_DF on a refragmented skb we must also force a
+        * call to ip_fragment to avoid forwarding a DF-skb of size s while
+        * original sender only sent fragments of size f (where f < s).
+        *
+        * We only set DF/IPSKB_FRAG_PMTU if such DF fragment was the largest
+        * frag seen to avoid sending tiny DF-fragments in case skb was built
+        * from one very small df-fragment and one large non-df frag.
+        */
+       if (qp->max_df_size == qp->q.max_size) {
+               IPCB(head)->flags |= IPSKB_FRAG_PMTU;
+               iph->frag_off = htons(IP_DF);
+       } else {
+               iph->frag_off = 0;
+       }
+
        IP_INC_STATS_BH(net, IPSTATS_MIB_REASMOKS);
        qp->q.fragments = NULL;
        qp->q.fragments_tail = NULL;