diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-10 13:43:09 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-16 09:45:32 +0200 |
commit | b3b2b9e192d5811f91f9cd92aeec489cecabc92e (patch) | |
tree | f5d068cf99b4ba7d3d650bd35d2fa5c9b2a7bcf6 /net/ipv6/esp6.c | |
parent | xfrm: Decode sessions with output interface. (diff) | |
download | linux-b3b2b9e192d5811f91f9cd92aeec489cecabc92e.tar.xz linux-b3b2b9e192d5811f91f9cd92aeec489cecabc92e.zip |
ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH
Currently we update the pmtu in the IPsec protocol error handlers
if icmpv6 message type is either ICMPV6_DEST_UNREACH or
ICMPV6_PKT_TOOBIG. Updating the pmtu on ICMPV6_DEST_UNREACH
is wrong in any case, it causes strangely fragmented packets.
Only ICMPV6_PKT_TOOBIG signalizes pmtu discovery, so remove the
ICMPV6_DEST_UNREACH check in the IPsec protocol error handlers.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r-- | net/ipv6/esp6.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index d3618a78fcac..e67e63f9858d 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -436,8 +436,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); struct xfrm_state *x; - if (type != ICMPV6_DEST_UNREACH && - type != ICMPV6_PKT_TOOBIG && + if (type != ICMPV6_PKT_TOOBIG && type != NDISC_REDIRECT) return; |