aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2013-08-26 06:31:19 -0400
committerSteffen Klassert <steffen.klassert@secunet.com>2013-08-26 06:40:53 -0400
commit5a25cf1e310888eb333f9e034be84a8117111d30 (patch)
tree0560fa869eb034e063854e42490c6556f69aa12d
parent844d48746e4b281a933aedc0428048a1219b42f4 (diff)
xfrm: revert ipv4 mtu determination to dst_mtu
In commit 0ea9d5e3e0e03a63b11392f5613378977dae7eca ("xfrm: introduce helper for safe determination of mtu") I switched the determination of ipv4 mtus from dst_mtu to ip_skb_dst_mtu. This was an error because in case of IP_PMTUDISC_PROBE we fall back to the interface mtu, which is never correct for ipv4 ipsec. This patch partly reverts 0ea9d5e3e0e03a63b11392f5613378977dae7eca ("xfrm: introduce helper for safe determination of mtu"). Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat
-rw-r--r--include/net/xfrm.h12
-rw-r--r--net/ipv4/xfrm4_output.c2
-rw-r--r--net/ipv6/xfrm6_output.c8
3 files changed, 6 insertions, 16 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index ac5b02515355..e823786e7c66 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -20,7 +20,6 @@
20#include <net/route.h> 20#include <net/route.h>
21#include <net/ipv6.h> 21#include <net/ipv6.h>
22#include <net/ip6_fib.h> 22#include <net/ip6_fib.h>
23#include <net/ip6_route.h>
24#include <net/flow.h> 23#include <net/flow.h>
25 24
26#include <linux/interrupt.h> 25#include <linux/interrupt.h>
@@ -1724,15 +1723,4 @@ static inline int xfrm_mark_put(struct sk_buff *skb, const struct xfrm_mark *m)
1724 return ret; 1723 return ret;
1725} 1724}
1726 1725
1727static inline int xfrm_skb_dst_mtu(struct sk_buff *skb)
1728{
1729 struct sock *sk = skb->sk;
1730
1731 if (sk && skb->protocol == htons(ETH_P_IPV6))
1732 return ip6_skb_dst_mtu(skb);
1733 else if (sk && skb->protocol == htons(ETH_P_IP))
1734 return ip_skb_dst_mtu(skb);
1735 return dst_mtu(skb_dst(skb));
1736}
1737
1738#endif /* _NET_XFRM_H */ 1726#endif /* _NET_XFRM_H */
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 80baf4a3b1b5..baa0f63731fd 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -28,7 +28,7 @@ static int xfrm4_tunnel_check_size(struct sk_buff *skb)
28 if (!(ip_hdr(skb)->frag_off & htons(IP_DF)) || skb->local_df) 28 if (!(ip_hdr(skb)->frag_off & htons(IP_DF)) || skb->local_df)
29 goto out; 29 goto out;
30 30
31 mtu = xfrm_skb_dst_mtu(skb); 31 mtu = dst_mtu(skb_dst(skb));
32 if (skb->len > mtu) { 32 if (skb->len > mtu) {
33 if (skb->sk) 33 if (skb->sk)
34 xfrm_local_error(skb, mtu); 34 xfrm_local_error(skb, mtu);
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index e092e306882d..6cd625e37706 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -140,10 +140,12 @@ static int __xfrm6_output(struct sk_buff *skb)
140{ 140{
141 struct dst_entry *dst = skb_dst(skb); 141 struct dst_entry *dst = skb_dst(skb);
142 struct xfrm_state *x = dst->xfrm; 142 struct xfrm_state *x = dst->xfrm;
143 int mtu = xfrm_skb_dst_mtu(skb); 143 int mtu;
144 144
145 if (mtu < IPV6_MIN_MTU) 145 if (skb->protocol == htons(ETH_P_IPV6))
146 mtu = IPV6_MIN_MTU; 146 mtu = ip6_skb_dst_mtu(skb);
147 else
148 mtu = dst_mtu(skb_dst(skb));
147 149
148 if (skb->len > mtu && xfrm6_local_dontfrag(skb)) { 150 if (skb->len > mtu && xfrm6_local_dontfrag(skb)) {
149 xfrm6_local_rxpmtu(skb, mtu); 151 xfrm6_local_rxpmtu(skb, mtu);
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-19 11:25:09 -0500