From f9024c68b3abcc48258c568423e30d94d81b569b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 12 Jun 2014 10:49:55 -0700
Subject: [PATCH] 3.10-stable patches

added patches:
	netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch
---
 ...et-local_df-flag-on-defragmented-skb.patch | 58 +++++++++++++++++++
 queue-3.10/series                             |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 queue-3.10/netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch

diff --git a/queue-3.10/netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch b/queue-3.10/netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch
new file mode 100644
index 00000000000..c53cdc18a0b
--- /dev/null
+++ b/queue-3.10/netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch
@@ -0,0 +1,58 @@
+From 895162b1101b3ea5db08ca6822ae9672717efec0 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 2 May 2014 15:32:16 +0200
+Subject: netfilter: ipv4: defrag: set local_df flag on defragmented skb
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 895162b1101b3ea5db08ca6822ae9672717efec0 upstream.
+
+else we may fail to forward skb even if original fragments do fit
+outgoing link mtu:
+
+1. remote sends 2k packets in two 1000 byte frags, DF set
+2. we want to forward but only see '2k > mtu and DF set'
+3. we then send icmp error saying that outgoing link is 1500
+
+But original sender never sent a packet that would not fit
+the outgoing link.
+
+Setting local_df makes outgoing path test size vs.
+IPCB(skb)->frag_max_size, so we will still send the correct
+error in case the largest original size did not fit
+outgoing link mtu.
+
+Reported-by: Maxime Bizon <mbizon@freebox.fr>
+Suggested-by: Maxime Bizon <mbizon@freebox.fr>
+Fixes: 5f2d04f1f9 (ipv4: fix path MTU discovery with connection tracking)
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/netfilter/nf_defrag_ipv4.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
++++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
+@@ -22,7 +22,6 @@
+ #endif
+ #include <net/netfilter/nf_conntrack_zones.h>
+ 
+-/* Returns new sk_buff, or NULL */
+ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
+ {
+ 	int err;
+@@ -33,8 +32,10 @@ static int nf_ct_ipv4_gather_frags(struc
+ 	err = ip_defrag(skb, user);
+ 	local_bh_enable();
+ 
+-	if (!err)
++	if (!err) {
+ 		ip_send_check(ip_hdr(skb));
++		skb->local_df = 1;
++	}
+ 
+ 	return err;
+ }
diff --git a/queue-3.10/series b/queue-3.10/series
index d82e043d223..cd64d895e83 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -2,3 +2,4 @@ fs-userns-change-inode_capable-to-capable_wrt_inode_uidgid.patch
 mlx4_en-don-t-use-napi_synchronize-inside-mlx4_en_netpoll.patch
 arm-mvebu-fix-nor-bus-width-in-armada-xp-gp-device-tree.patch
 arm-mvebu-fix-nor-bus-width-in-armada-xp-openblocks-ax3-device-tree.patch
+netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch
-- 
2.47.3