From 5a7990b2b9255c28801e8f6546b419949da0b9e2 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 4 Dec 2003 20:34:00 -0800 Subject: [PATCH] [NETFILTER]: In conntrack, do not fragment TSO packets by accident. --- net/ipv4/netfilter/ip_conntrack_standalone.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 62c3ea2e5dd8..4c357ef5da26 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c @@ -201,7 +201,8 @@ static unsigned int ip_refrag(unsigned int hooknum, /* Local packets are never produced too large for their interface. We degfragment them at LOCAL_OUT, however, so we have to refragment them here. */ - if ((*pskb)->len > dst_pmtu(&rt->u.dst)) { + if ((*pskb)->len > dst_pmtu(&rt->u.dst) && + !skb_shinfo(*pskb)->tso_size) { /* No hook can be after us, so this should be OK. */ ip_fragment(*pskb, okfn); return NF_STOLEN; -- 2.39.5