Merge branch 'fixes-2.6.23' of master.kernel.org:/pub/scm/linux/kernel/git/galak...

[linux-2.6] / net / ipv6 / ip6_output.c

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 5a5b7d4ad31c86974c93aa36da1cc2d4dd8d23f6..50d86e94d9ed3358bf8bad71ca36599adea63527 100644 (file)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -137,9 +137,17 @@ static int ip6_output2(struct sk_buff *skb)
        return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish);
 }
 
+static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
+{
+       struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
+
+       return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
+              skb->dst->dev->mtu : dst_mtu(skb->dst);
+}
+
 int ip6_output(struct sk_buff *skb)
 {
-       if ((skb->len > dst_mtu(skb->dst) && !skb_is_gso(skb)) ||
+       if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
                                dst_allfrag(skb->dst))
                return ip6_fragment(skb, ip6_output2);
        else
@@ -455,10 +463,17 @@ int ip6_forward(struct sk_buff *skb)
                 */
                if (xrlim_allow(dst, 1*HZ))
                        ndisc_send_redirect(skb, n, target);
-       } else if (ipv6_addr_type(&hdr->saddr)&(IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK
-                                               |IPV6_ADDR_LINKLOCAL)) {
+       } else {
+               int addrtype = ipv6_addr_type(&hdr->saddr);
+
                /* This check is security critical. */
-               goto error;
+               if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK))
+                       goto error;
+               if (addrtype & IPV6_ADDR_LINKLOCAL) {
+                       icmpv6_send(skb, ICMPV6_DEST_UNREACH,
+                               ICMPV6_NOT_NEIGHBOUR, 0, skb->dev);
+                       goto error;
+               }
        }
 
        if (skb->len > dst_mtu(dst)) {
@@ -506,6 +521,10 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
        to->tc_index = from->tc_index;
 #endif
        nf_copy(to, from);
+#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
+    defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
+       to->nf_trace = from->nf_trace;
+#endif
        skb_copy_secmark(to, from);
 }
 
@@ -528,7 +547,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
                        found_rhdr = 1;
                        break;
                case NEXTHDR_DEST:
-#ifdef CONFIG_IPV6_MIP6
+#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
                        if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
                                break;
 #endif
@@ -566,7 +585,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
        hlen = ip6_find_1stfragopt(skb, &prevhdr);
        nexthdr = *prevhdr;
 
-       mtu = dst_mtu(&rt->u.dst);
+       mtu = ip6_skb_dst_mtu(skb);
 
        /* We must not fragment if the socket is set to force MTU discovery
         * or if the skb it not generated by a local socket.  (This last
@@ -1063,7 +1082,8 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
                inet->cork.fl = *fl;
                np->cork.hop_limit = hlimit;
                np->cork.tclass = tclass;
-               mtu = dst_mtu(rt->u.dst.path);
+               mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
+                     rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
                if (np->frag_size < mtu) {
                        if (np->frag_size)
                                mtu = np->frag_size;