Re: [PATCH] net: Move specific fragmented packet to slow_path instead of dropping it
From: Florian Westphal
Date: Thu Apr 10 2025 - 06:19:39 EST
Huajian Yang <huajianyang@xxxxxxxxxxxx> wrote:
> --- a/net/bridge/netfilter/nf_conntrack_bridge.c
> +++ b/net/bridge/netfilter/nf_conntrack_bridge.c
> @@ -61,18 +61,14 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
> struct sk_buff *frag;
>
> if (first_len - hlen > mtu ||
> - skb_headroom(skb) < ll_rs)
> - goto blackhole;
I would prefer to keep blackhole logic for the mtu tests,
i.e.
if (first_len - hlen > mtu)
goto blackhole;
same for the frag->len test in the skb_walk_frags loop.
>From what I understood the problem is only because of
the lower devices' headroom requirement.