diff options
author | Eyal Birger <eyal.birger@gmail.com> | 2021-02-20 14:01:15 +0100 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2021-02-23 18:23:58 +0100 |
commit | 8fc0e3b6a8666d656923d214e4dc791e9a17164a (patch) | |
tree | 324b4a85e1e84ca3b4d6fd8a6a38aedf8bbb08e9 /net/xfrm/xfrm_interface.c | |
parent | octeontx2-af: Fix an off by one in rvu_dbg_qsize_write() (diff) | |
download | linux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.tar.xz linux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.zip |
xfrm: interface: fix ipv4 pmtu check to honor ip header df
Frag needed should only be sent if the header enables DF.
This fix allows packets larger than MTU to pass the xfrm interface
and be fragmented after encapsulation, aligning behavior with
non-interface xfrm.
Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_interface.c')
-rw-r--r-- | net/xfrm/xfrm_interface.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c index 495b1f5c979b..8831f5a9e992 100644 --- a/net/xfrm/xfrm_interface.c +++ b/net/xfrm/xfrm_interface.c @@ -306,6 +306,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); } else { + if (!(ip_hdr(skb)->frag_off & htons(IP_DF))) + goto xmit; icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); } @@ -314,6 +316,7 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) return -EMSGSIZE; } +xmit: xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev))); skb_dst_set(skb, dst); skb->dev = tdev; |