ipf: Check minimum fragment against L3 size.

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

2 files changed, 3 insertions, 3 deletions

diff --git a/lib/dpctl.man b/lib/dpctl.man
index f22029fcd..1ff351170 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -230,7 +230,7 @@ supported for the userspace datapath.
 .
 .TP
 \*(DX\fBipf\-set\-min\-frag\fR [\fIdp\fR] \fBv4\fR|\fBv6\fR \fIminfrag\fR
-Sets the minimum fragment size for non-final fragments to
+Sets the minimum fragment size (L3 header and data) for non-final fragments to
 \fIminfrag\fR.  Either \fBv4\fR or \fBv6\fR must be specified.  For
 enhanced DOS security, higher minimum fragment sizes can usually be used.
 The default IPv4 value is 1200 and the clamped minimum is 400.  The default
diff --git a/lib/ipf.c b/lib/ipf.c
index a4608afb6..acddc0266 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -613,7 +613,7 @@ ipf_is_valid_v4_frag(struct ipf *ipf, struct dp_packet *pkt)
     uint32_t min_v4_frag_size_;
     atomic_read_relaxed(&ipf->min_v4_frag_size, &min_v4_frag_size_);
     bool lf = ipf_is_last_v4_frag(pkt);
-    if (OVS_UNLIKELY(!lf && dp_packet_size(pkt) < min_v4_frag_size_)) {
+    if (OVS_UNLIKELY(!lf && dp_packet_l3_size(pkt) < min_v4_frag_size_)) {
         ipf_count(ipf, false, IPF_NFRAGS_TOO_SMALL);
         goto invalid_pkt;
     }
@@ -693,7 +693,7 @@ ipf_is_valid_v6_frag(struct ipf *ipf, struct dp_packet *pkt)
     atomic_read_relaxed(&ipf->min_v6_frag_size, &min_v6_frag_size_);
     bool lf = ipf_is_last_v6_frag(ip6f_offlg);
 
-    if (OVS_UNLIKELY(!lf && dp_packet_size(pkt) < min_v6_frag_size_)) {
+    if (OVS_UNLIKELY(!lf && dp_packet_l3_size(pkt) < min_v6_frag_size_)) {
         ipf_count(ipf, true, IPF_NFRAGS_TOO_SMALL);
         goto invalid_pkt;
     }