Re: [PATCH] net: Move specific fragmented packet to slow_path instead of dropping it

Florian Westphal Thu, 10 Apr 2025 03:20:18 -0700

Huajian Yang <huajiany...@asrmicro.com> wrote:
> --- a/net/bridge/netfilter/nf_conntrack_bridge.c
> +++ b/net/bridge/netfilter/nf_conntrack_bridge.c
> @@ -61,18 +61,14 @@ static int nf_br_ip_fragment(struct net *net, struct sock 
> *sk,
>               struct sk_buff *frag;
>  
>               if (first_len - hlen > mtu ||
> -                 skb_headroom(skb) < ll_rs)
> -                     goto blackhole;


I would prefer to keep blackhole logic for the mtu tests,
i.e.
  if (first_len - hlen > mtu)
      goto blackhole;

same for the frag->len test in the skb_walk_frags loop.
>From what I understood the problem is only because of
the lower devices' headroom requirement.

Re: [PATCH] net: Move specific fragmented packet to slow_path instead of dropping it

Reply via email to