summaryrefslogtreecommitdiff
path: root/samples
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2015-06-05 11:27:13 (GMT)
committerPablo Neira Ayuso <pablo@netfilter.org>2015-06-12 12:16:55 (GMT)
commitd7b597421519d6f680eb8e152a0d8447466ee2d6 (patch)
tree552f6c80a7f142bc38d645a9e2874ebce433ccd8 /samples
parent33b1f31392861947fa2a2a57c3a39ab63b8c9f9d (diff)
downloadlinux-d7b597421519d6f680eb8e152a0d8447466ee2d6.tar.xz
netfilter: bridge: restore vlan tag when refragmenting
If bridge netfilter is used with both bridge-nf-call-iptables and bridge-nf-filter-vlan-tagged enabled then ip fragments in VLAN frames are sent without the vlan header. This has never worked reliably. Turns out this relied on pre-3.5 behaviour where skb frag_list was used to store ip fragments; ip_fragment() then re-used these skbs. But since commit 3cc4949269e01f39443d0fcfffb5bc6b47878d45 ("ipv4: use skb coalescing in defragmentation") this is no longer the case. ip_do_fragment now needs to allocate new skbs, but these don't contain the vlan tag information anymore. Fix it by storing vlan information of the ressembled skb in the br netfilter percpu frag area, and restore them for each of the fragments. Fixes: 3cc4949269e01f3 ("ipv4: use skb coalescing in defragmentation") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'samples')
0 files changed, 0 insertions, 0 deletions