There is a problem with fragmented IP packet sent within 802.1Q tagged
ethernet frame through bridge. Problem exists when conntrack is enabled
(i.e. nf_conntrack_ipv4 module is loaded). Then, such packets are not
fragmented again (after prior reassembling on bridge device) during
passing it to brid
Stephen Hemminger wrote:
> It would be better to account for the tag in the length check.
> Something like
> if (skb->protocol == htons(ETH_P_IP) &&
> skb->len > skb->dev->mtu - (IS_VLAN_IP(skb) ? VLAN_HLEN : 0) &&
> !skb_is_gso(skb))
> return ip_fragment ...
2 matches
Mail list logo
