summaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_interface.c
diff options
context:
space:
mode:
authorEyal Birger <eyal.birger@gmail.com>2021-02-20 14:01:15 +0100
committerSteffen Klassert <steffen.klassert@secunet.com>2021-02-23 18:23:58 +0100
commit8fc0e3b6a8666d656923d214e4dc791e9a17164a (patch)
tree324b4a85e1e84ca3b4d6fd8a6a38aedf8bbb08e9 /net/xfrm/xfrm_interface.c
parentocteontx2-af: Fix an off by one in rvu_dbg_qsize_write() (diff)
downloadlinux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.tar.xz
linux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.zip
xfrm: interface: fix ipv4 pmtu check to honor ip header df
Frag needed should only be sent if the header enables DF. This fix allows packets larger than MTU to pass the xfrm interface and be fragmented after encapsulation, aligning behavior with non-interface xfrm. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_interface.c')
-rw-r--r--net/xfrm/xfrm_interface.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 495b1f5c979b..8831f5a9e992 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -306,6 +306,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
} else {
+ if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+ goto xmit;
icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
htonl(mtu));
}
@@ -314,6 +316,7 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
return -EMSGSIZE;
}
+xmit:
xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
skb_dst_set(skb, dst);
skb->dev = tdev;