diff options
Diffstat (limited to 'net/ipv4/ip_output.c')
| -rw-r--r-- | net/ipv4/ip_output.c | 11 | 
1 files changed, 9 insertions, 2 deletions
| diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 477540b3d320..efd4410a7358 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -155,12 +155,19 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct sock *sk,  	iph->daddr    = (opt && opt->opt.srr ? opt->opt.faddr : daddr);  	iph->saddr    = saddr;  	iph->protocol = sk->sk_protocol; -	if (ip_dont_fragment(sk, &rt->dst)) { +	/* Do not bother generating IPID for small packets (eg SYNACK) */ +	if (skb->len <= IPV4_MIN_MTU || ip_dont_fragment(sk, &rt->dst)) {  		iph->frag_off = htons(IP_DF);  		iph->id = 0;  	} else {  		iph->frag_off = 0; -		__ip_select_ident(net, iph, 1); +		/* TCP packets here are SYNACK with fat IPv4/TCP options. +		 * Avoid using the hashed IP ident generator. +		 */ +		if (sk->sk_protocol == IPPROTO_TCP) +			iph->id = (__force __be16)prandom_u32(); +		else +			__ip_select_ident(net, iph, 1);  	}  	if (opt && opt->opt.optlen) { | 
