summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2014-04-11 06:23:36 +0200
committerDavid S. Miller <davem@davemloft.net>2014-04-14 18:39:59 +0200
commit30f78d8ebf7f514801e71b88a10c948275168518 (patch)
treef1e3fc6c694aa8a153901ceadf2106b2d43a0470 /net
parentfilter: prevent nla extensions to peek beyond the end of the message (diff)
downloadlinux-30f78d8ebf7f514801e71b88a10c948275168518.tar.xz
linux-30f78d8ebf7f514801e71b88a10c948275168518.zip
ipv6: Limit mtu to 65575 bytes
Francois reported that setting big mtu on loopback device could prevent tcp sessions making progress. We do not support (yet ?) IPv6 Jumbograms and cook corrupted packets. We must limit the IPv6 MTU to (65535 + 40) bytes in theory. Tested: ifconfig lo mtu 70000 netperf -H ::1 Before patch : Throughput : 0.05 Mbits After patch : Throughput : 35484 Mbits Reported-by: Francois WELLENREITER <f.wellenreiter@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/route.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5015c50a5ba7..5ea462eacd9f 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1338,7 +1338,7 @@ static unsigned int ip6_mtu(const struct dst_entry *dst)
unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
if (mtu)
- return mtu;
+ goto out;
mtu = IPV6_MIN_MTU;
@@ -1348,7 +1348,8 @@ static unsigned int ip6_mtu(const struct dst_entry *dst)
mtu = idev->cnf.mtu6;
rcu_read_unlock();
- return mtu;
+out:
+ return min_t(unsigned int, mtu, IP6_MAX_MTU);
}
static struct dst_entry *icmp6_dst_gc_list;