From 9af3912ec9e30509b76cb376abb65a4d8af27df3 Mon Sep 17 00:00:00 2001
From: John Heffner <jheffner@psc.edu>
Date: Sun, 25 Mar 2007 23:32:29 -0700
Subject: [NET] Move DF check to ip_forward

Do fragmentation check in ip_forward, similar to ipv6 forwarding.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/ipv4/ip_forward.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'net/ipv4/ip_forward.c')

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 467ebed..61b30d1 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -85,6 +85,14 @@ int ip_forward(struct sk_buff *skb)
 	if (opt->is_strictroute && rt->rt_dst != rt->rt_gateway)
 		goto sr_failed;
 
+	if (unlikely(skb->len > dst_mtu(&rt->u.dst) &&
+	             (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
+		IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
+		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+			  htonl(dst_mtu(&rt->u.dst)));
+		goto drop;
+	}
+
 	/* We are about to mangle packet. Copy it! */
 	if (skb_cow(skb, LL_RESERVED_SPACE(rt->u.dst.dev)+rt->u.dst.header_len))
 		goto drop;
-- 
cgit v1.1