diff options
author | Philip Prindeville <philipp@redfish-solutions.com> | 2016-06-14 23:53:02 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-06-16 06:39:59 +0200 |
commit | 22a59be8b7693eb2d0897a9638f5991f2f8e4ddd (patch) | |
tree | 633065a94e616e259e2da87a31f006392fda908e /net/ipv4/ip_tunnel.c | |
parent | net: vrf: Switch dst dev to loopback on device delete (diff) | |
download | linux-22a59be8b7693eb2d0897a9638f5991f2f8e4ddd.tar.xz linux-22a59be8b7693eb2d0897a9638f5991f2f8e4ddd.zip |
net: ipv4: Add ability to have GRE ignore DF bit in IPv4 payloads
In the presence of firewalls which improperly block ICMP Unreachable
(including Fragmentation Required) messages, Path MTU Discovery is
prevented from working.
A workaround is to handle IPv4 payloads opaquely, ignoring the DF bit--as
is done for other payloads like AppleTalk--and doing transparent
fragmentation and reassembly.
Redux includes the enforcement of mutual exclusion between this feature
and Path MTU Discovery as suggested by Alexander Duyck.
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_tunnel.c')
-rw-r--r-- | net/ipv4/ip_tunnel.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index d8f5e0a269f5..95649ebd2874 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -682,7 +682,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, } df = tnl_params->frag_off; - if (skb->protocol == htons(ETH_P_IP)) + if (skb->protocol == htons(ETH_P_IP) && !tunnel->ignore_df) df |= (inner_iph->frag_off&htons(IP_DF)); max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr) |