bridge_netfilter: No ICMP packet on IPv4 fragmentation error
authorAndy Zhou <azhou@nicira.com>
Fri, 15 May 2015 21:15:37 +0000 (14:15 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 19 May 2015 04:15:39 +0000 (00:15 -0400)
commit49d16b23cd1e61c028ee088c5a64e9ac6a9c6147
tree446c416b396c4561bd5616f6fba2ef52c43c8d06
parent8bc04864ac89616e55fc8a196dd32b7066433ea8
bridge_netfilter: No ICMP packet on IPv4 fragmentation error

When bridge netfilter re-fragments an IP packet for output, all
packets that can not be re-fragmented to their original input size
should be silently discarded.

However, current bridge netfilter output path generates an ICMP packet
with 'size exceeded MTU' message for such packets, this is a bug.

This patch refactors the ip_fragment() API to allow two separate
use cases. The bridge netfilter user case will not
send ICMP, the routing output will, as before.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/ip.h
net/bridge/br_netfilter.c
net/ipv4/ip_output.c