ip4_is_fragment(header)
or ip4_is_first_fragment(header) didn't changed
when packet with fragmentation needed arrives.
This patch checks DF flag and MTU with packet
length and if DF is set and length > MTU, packet
is dropped. In case if ignore_df is set, DF flag
makes no sense.
Type: fix
Fixes:
d6d50cebde647f9a5ee7251a7fef977506f315d7
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I720e25167c19a0b13ac5fdfb41b12c0bbdc00d09
Code Review / vpp.git / commitdiff