[Bridge] Re: Any way of knowing a packet's been defragmented

Bart De Schuymer bdschuym at pandora.be
Thu Aug 5 09:01:25 PDT 2004


On Thursday 05 August 2004 16:58, Eble, Dan wrote:
> > The check should be after all
> > netfilter hooks just before the packet is given to the NIC
> > driver, dropped
> > on transmit because it can not be sent out on the target media, not
> > dropped in "bridge forwarding" because it seems to be bigger than the
> > intended target device.
>
> That makes sense.

I agree.

Stephen, how about this patch?

cheers,
Bart

--- linux-2.6.8-rc2-bk9/net/bridge/br_forward.c.old	2004-08-02 23:15:42.000000000 +0200
+++ linux-2.6.8-rc2-bk9/net/bridge/br_forward.c	2004-08-05 17:57:52.000000000 +0200
@@ -23,7 +23,6 @@ static inline int should_deliver(const s
 				 const struct sk_buff *skb)
 {
 	if (skb->dev == p->dev ||
-	    skb->len > p->dev->mtu ||
 	    p->state != BR_STATE_FORWARDING)
 		return 0;
 
@@ -32,6 +31,10 @@ static inline int should_deliver(const s
 
 int br_dev_queue_push_xmit(struct sk_buff *skb)
 {
+	if (skb->len > skb->dev->mtu) {
+		kfree_skb(skb);
+		return 0;
+	}
 #ifdef CONFIG_BRIDGE_NETFILTER
 	/* ip_refrag calls ip_fragment, which doesn't copy the MAC header. */
 	nf_bridge_maybe_copy_header(skb);




More information about the Bridge mailing list