Skip to content

Commit

Permalink
xfrm: interface: fix ipv4 pmtu check to honor ip header df
Browse files Browse the repository at this point in the history 
[ Upstream commit 8fc0e3b ]

Frag needed should only be sent if the header enables DF.

This fix allows packets larger than MTU to pass the xfrm interface
and be fragmented after encapsulation, aligning behavior with
non-interface xfrm.

Fixes: f203b76 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@ebirger @gregkh
ebirger authored and gregkh committed Apr 14, 2021
1 parent 6c49d84 commit 88da40f
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/xfrm/xfrm_interface.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -305,6 +305,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)

icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
} else {
if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
goto xmit;
icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
htonl(mtu));
}
Expand All @@ -313,6 +315,7 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
return -EMSGSIZE;
}

xmit:
xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
skb_dst_set(skb, dst);
skb->dev = tdev;
Expand Down

0 comments on commit 88da40f

Please sign in to comment.