From: Florian Westphal <fw@strlen.de>
Date: Fri, 2 May 2014 13:32:16 +0000 (+0200)
Subject: netfilter: ipv4: defrag: set local_df flag on defragmented skb
X-Git-Tag: omap-for-v3.16/fixes-against-rc1~146^2~52^2~4
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=895162b1101b3ea5db08ca6822ae9672717efec0;p=pandora-kernel.git

netfilter: ipv4: defrag: set local_df flag on defragmented skb

else we may fail to forward skb even if original fragments do fit
outgoing link mtu:

1. remote sends 2k packets in two 1000 byte frags, DF set
2. we want to forward but only see '2k > mtu and DF set'
3. we then send icmp error saying that outgoing link is 1500

But original sender never sent a packet that would not fit
the outgoing link.

Setting local_df makes outgoing path test size vs.
IPCB(skb)->frag_max_size, so we will still send the correct
error in case the largest original size did not fit
outgoing link mtu.

Reported-by: Maxime Bizon <mbizon@freebox.fr>
Suggested-by: Maxime Bizon <mbizon@freebox.fr>
Fixes: 5f2d04f1f9 (ipv4: fix path MTU discovery with connection tracking)
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed