Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff

[linux-2.6.git] / net / bridge / br_forward.c

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 1589763..56f3aa4 100644 (file)
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -16,6 +16,7 @@
 #include <linux/kernel.h>
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
+#include <linux/if_vlan.h>
 #include <linux/netfilter_bridge.h>
 #include "br_private.h"
 
@@ -29,15 +30,25 @@ static inline int should_deliver(const struct net_bridge_port *p,
        return 1;
 }
 
+static inline unsigned packet_length(const struct sk_buff *skb)
+{
+       return skb->len - (skb->protocol == htons(ETH_P_8021Q) ? VLAN_HLEN : 0);
+}
+
 int br_dev_queue_push_xmit(struct sk_buff *skb)
 {
+       /* drop mtu oversized packets except tso */
+       if (packet_length(skb) > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
+               kfree_skb(skb);
+       else {
 #ifdef CONFIG_BRIDGE_NETFILTER
-       /* ip_refrag calls ip_fragment, which doesn't copy the MAC header. */
-       nf_bridge_maybe_copy_header(skb);
+               /* ip_refrag calls ip_fragment, doesn't copy the MAC header. */
+               nf_bridge_maybe_copy_header(skb);
 #endif
-       skb_push(skb, ETH_HLEN);
+               skb_push(skb, ETH_HLEN);
 
-       dev_queue_xmit(skb);
+               dev_queue_xmit(skb);
+       }
 
        return 0;
 }
@@ -53,9 +64,6 @@ int br_forward_finish(struct sk_buff *skb)
 static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
 {
        skb->dev = to->dev;
-#ifdef CONFIG_NETFILTER_DEBUG
-       skb->nf_debug = 0;
-#endif
        NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
                        br_forward_finish);
 }