www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Huajian Yang <huajianyang@asrmicro.com>
	Thu, 17 Apr 2025 09:29:53 +0000 (17:29 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 5 May 2025 11:13:08 +0000 (13:13 +0200)
commit	aa04c6f45b9224b949aa35d4fa5f8d0ba07b23d4
tree	84955fd7e07c5cc802e1bf2ecad2389053d6b729	tree
parent	836b313a14a316290886dcc2ce7e78bf5ecc8658	commit \| diff

netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it

The config NF_CONNTRACK_BRIDGE will change the bridge forwarding for
fragmented packets.

The original bridge does not know that it is a fragmented packet and
forwards it directly, after NF_CONNTRACK_BRIDGE is enabled, function
nf_br_ip_fragment and br_ip6_fragment will check the headroom.

In original br_forward, insufficient headroom of skb may indeed exist,
but there's still a way to save the skb in the device driver after
dev_queue_xmit.So droping the skb will change the original bridge
forwarding in some cases.

Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Signed-off-by: Huajian Yang <huajianyang@asrmicro.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/bridge/netfilter/nf_conntrack_bridge.c		diff \| blob \| history
net/ipv6/netfilter.c		diff \| blob \| history