From 32aced7509cb20ef3ec67c9b56f5b55c41dd4f8d Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 28 Mar 2008 16:23:19 -0700 Subject: [NET]: Don't send ICMP_FRAG_NEEDED for GSO packets Commit 9af3912ec9e30509b76cb376abb65a4d8af27df3 ("[NET] Move DF check to ip_forward") added a new check to send ICMP fragmentation needed for large packets. Unlike the check in ip_finish_output(), it doesn't check for GSO. Signed-off-by: Rusty Russell Signed-off-by: David S. Miller --- net/ipv4/ip_forward.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/ipv4') diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 0b3b328d82db..a4506c8cfef0 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c @@ -85,7 +85,7 @@ int ip_forward(struct sk_buff *skb) if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway) goto sr_failed; - if (unlikely(skb->len > dst_mtu(&rt->u.dst) && + if (unlikely(skb->len > dst_mtu(&rt->u.dst) && !skb_is_gso(skb) && (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) { IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, -- cgit v1.2.3-59-g8ed1b From e8e16b706e8406f1ab3bccab16932ebc513896d8 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Fri, 28 Mar 2008 17:30:18 -0700 Subject: [INET]: inet_frag_evictor() must run with BH disabled Based upon a lockdep trace from Dave Jones. Signed-off-by: David S. Miller --- net/ipv4/inet_fragment.c | 3 +++ net/ipv6/netfilter/nf_conntrack_reasm.c | 2 ++ 2 files changed, 5 insertions(+) (limited to 'net/ipv4') diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index 724d69aed031..a0a3c78cb5e0 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c @@ -86,7 +86,10 @@ EXPORT_SYMBOL(inet_frags_fini); void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f) { nf->low_thresh = 0; + + local_bh_disable(); inet_frag_evictor(nf, f); + local_bh_enable(); } EXPORT_SYMBOL(inet_frags_exit_net); diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 2a0d698b24d5..24c0d03095bf 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -171,7 +171,9 @@ static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq) static void nf_ct_frag6_evictor(void) { + local_bh_disable(); inet_frag_evictor(&nf_init_frags, &nf_frags); + local_bh_enable(); } static void nf_ct_frag6_expire(unsigned long data) -- cgit v1.2.3-59-g8ed1b From b50660f1fe4ebd6129064e4fba0bd882b60c2425 Mon Sep 17 00:00:00 2001 From: YOSHIFUJI Hideaki Date: Mon, 31 Mar 2008 19:38:15 -0700 Subject: [IP] UDP: Use SEQ_START_TOKEN. Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- net/ipv4/udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net/ipv4') diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 7ea1b67b6de1..1704c1474ea1 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1556,14 +1556,14 @@ static void *udp_seq_start(struct seq_file *seq, loff_t *pos) __acquires(udp_hash_lock) { read_lock(&udp_hash_lock); - return *pos ? udp_get_idx(seq, *pos-1) : (void *)1; + return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN; } static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct sock *sk; - if (v == (void *)1) + if (v == SEQ_START_TOKEN) sk = udp_get_idx(seq, 0); else sk = udp_get_next(seq, v); -- cgit v1.2.3-59-g8ed1b