From: John Heffner <jheffner@psc.edu>
Date: Mon, 26 Mar 2007 06:32:29 +0000 (-0700)
Subject: [NET] Move DF check to ip_forward
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=9af3912ec9e30509b76cb376abb65a4d8af27df3;p=deliverable%2Flinux.git

[NET] Move DF check to ip_forward

Do fragmentation check in ip_forward, similar to ipv6 forwarding.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 467ebedb99ba..61b30d100676 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -85,6 +85,14 @@ int ip_forward(struct sk_buff *skb)
 	if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway)
 		goto sr_failed;
 
+	if (unlikely(skb->len > dst_mtu(&rt->u.dst) &&
+	             (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
+		IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
+		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+			  htonl(dst_mtu(&rt->u.dst)));
+		goto drop;
+	}
+
 	/* We are about to mangle packet. Copy it! */
 	if (skb_cow(skb, LL_RESERVED_SPACE(rt->u.dst.dev)+rt->u.dst.header_len))
 		goto drop;