diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-10 07:43:09 -0400 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-09-16 03:45:32 -0400 |
| commit | b3b2b9e192d5811f91f9cd92aeec489cecabc92e (patch) | |
| tree | f5d068cf99b4ba7d3d650bd35d2fa5c9b2a7bcf6 /net | |
| parent | bafd4bd4dcfa13145db7f951251eef3e10f8c278 (diff) | |
ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH
Currently we update the pmtu in the IPsec protocol error handlers
if icmpv6 message type is either ICMPV6_DEST_UNREACH or
ICMPV6_PKT_TOOBIG. Updating the pmtu on ICMPV6_DEST_UNREACH
is wrong in any case, it causes strangely fragmented packets.
Only ICMPV6_PKT_TOOBIG signalizes pmtu discovery, so remove the
ICMPV6_DEST_UNREACH check in the IPsec protocol error handlers.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv6/ah6.c | 3 | ||||
| -rw-r--r-- | net/ipv6/esp6.c | 3 | ||||
| -rw-r--r-- | net/ipv6/ipcomp6.c | 3 |
3 files changed, 3 insertions, 6 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 73784c3d4642..82e1da3a40b9 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
| @@ -618,8 +618,7 @@ static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 618 | struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset); | 618 | struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset); |
| 619 | struct xfrm_state *x; | 619 | struct xfrm_state *x; |
| 620 | 620 | ||
| 621 | if (type != ICMPV6_DEST_UNREACH && | 621 | if (type != ICMPV6_PKT_TOOBIG && |
| 622 | type != ICMPV6_PKT_TOOBIG && | ||
| 623 | type != NDISC_REDIRECT) | 622 | type != NDISC_REDIRECT) |
| 624 | return; | 623 | return; |
| 625 | 624 | ||
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index d3618a78fcac..e67e63f9858d 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
| @@ -436,8 +436,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 436 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); | 436 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); |
| 437 | struct xfrm_state *x; | 437 | struct xfrm_state *x; |
| 438 | 438 | ||
| 439 | if (type != ICMPV6_DEST_UNREACH && | 439 | if (type != ICMPV6_PKT_TOOBIG && |
| 440 | type != ICMPV6_PKT_TOOBIG && | ||
| 441 | type != NDISC_REDIRECT) | 440 | type != NDISC_REDIRECT) |
| 442 | return; | 441 | return; |
| 443 | 442 | ||
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 5636a912074a..ce507d9e1c90 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c | |||
| @@ -64,8 +64,7 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 64 | (struct ip_comp_hdr *)(skb->data + offset); | 64 | (struct ip_comp_hdr *)(skb->data + offset); |
| 65 | struct xfrm_state *x; | 65 | struct xfrm_state *x; |
| 66 | 66 | ||
| 67 | if (type != ICMPV6_DEST_UNREACH && | 67 | if (type != ICMPV6_PKT_TOOBIG && |
| 68 | type != ICMPV6_PKT_TOOBIG && | ||
| 69 | type != NDISC_REDIRECT) | 68 | type != NDISC_REDIRECT) |
| 70 | return; | 69 | return; |
| 71 | 70 | ||