diff options
author | Su Yanjun <suyj.fnst@cn.fujitsu.com> | 2019-01-07 03:31:20 +0100 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2019-01-09 14:00:37 +0100 |
commit | dd9ee3444014e8f28c0eefc9fffc9ac9c5248c12 (patch) | |
tree | 3205a839b0b43a71b8a0bc02901844c1361631b9 /net/ipv4/xfrm4_protocol.c | |
parent | xfrm: policy: fix infinite loop when merging src-nodes (diff) | |
download | linux-dd9ee3444014e8f28c0eefc9fffc9ac9c5248c12.tar.xz linux-dd9ee3444014e8f28c0eefc9fffc9ac9c5248c12.zip |
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
Recently we run a network test over ipcomp virtual tunnel.We find that
if a ipv4 packet needs fragment, then the peer can't receive
it.
We deep into the code and find that when packet need fragment the smaller
fragment will be encapsulated by ipip not ipcomp. So when the ipip packet
goes into xfrm, it's skb->dev is not properly set. The ipv4 reassembly code
always set skb'dev to the last fragment's dev. After ipv4 defrag processing,
when the kernel rp_filter parameter is set, the skb will be drop by -EXDEV
error.
This patch adds compatible support for the ipip process in ipcomp virtual tunnel.
Signed-off-by: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4/xfrm4_protocol.c')
0 files changed, 0 insertions, 0 deletions