5 files changed, 21 insertions, 2 deletions
diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index e6b519220245..724066778aff 100644
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -245,6 +245,7 @@ struct sadb_x_nat_t_port {
 /* Security Association flags */
 #define SADB_SAFLAGS_PFS        1
+#define SADB_SAFLAGS_NOPMTUDISC 0x20000000
 #define SADB_SAFLAGS_DECAP_DSCP 0x40000000
 #define SADB_SAFLAGS_NOECN      0x80000000
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index d68391a9b9f3..f0d423300d84 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -196,6 +196,7 @@ struct xfrm_usersa_info {
        __u8                            flags;
 #define XFRM_STATE_NOECN        1
 #define XFRM_STATE_DECAP_DSCP   2
+#define XFRM_STATE_NOPMTUDISC   4
 };
 struct xfrm_usersa_id {
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index af2392ae5769..66620a95942a 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -33,6 +33,7 @@ static void xfrm4_encap(struct sk_buff *skb)
        struct dst_entry *dst = skb->dst;
        struct xfrm_state *x = dst->xfrm;
        struct iphdr *iph, *top_iph;
+        int flags;
        iph = skb->nh.iph;
        skb->h.ipiph = iph;
@@ -51,10 +52,13 @@ static void xfrm4_encap(struct sk_buff *skb)
        /* DS disclosed */
        top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
-        if (x->props.flags & XFRM_STATE_NOECN)
+        flags = x->props.flags;
+        if (flags & XFRM_STATE_NOECN)
                IP_ECN_clear(top_iph);
-        top_iph->frag_off = iph->frag_off & htons(IP_DF);
+        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
+                0 : (iph->frag_off & htons(IP_DF));
        if (!top_iph->frag_off)
                __ip_select_ident(top_iph, dst, 0);
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 223a2e83853f..050611d7a967 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -7,12 +7,20 @@
 *
 */
+#include <net/ip.h>
 #include <net/xfrm.h>
 #include <linux/pfkeyv2.h>
 #include <linux/ipsec.h>
 static struct xfrm_state_afinfo xfrm4_state_afinfo;
+static int xfrm4_init_flags(struct xfrm_state *x)
+{
+        if (ipv4_config.no_pmtu_disc)
+                x->props.flags |= XFRM_STATE_NOPMTUDISC;
+        return 0;
+}
 static void
 __xfrm4_init_tempsel(struct xfrm_state *x, struct flowi *fl,
                     struct xfrm_tmpl *tmpl,
@@ -109,6 +117,7 @@ __xfrm4_find_acq(u8 mode, u32 reqid, u8 proto,
 static struct xfrm_state_afinfo xfrm4_state_afinfo = {
        .family                 = AF_INET,
        .lock                   = RW_LOCK_UNLOCKED,
+        .init_flags             = xfrm4_init_flags,
        .init_tempsel           = __xfrm4_init_tempsel,
        .state_lookup           = __xfrm4_state_lookup,
        .find_acq               = __xfrm4_find_acq,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 652dd09ccd3a..4879743b945a 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -690,6 +690,8 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
                sa->sadb_sa_flags |= SADB_SAFLAGS_NOECN;
        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
                sa->sadb_sa_flags |= SADB_SAFLAGS_DECAP_DSCP;
+        if (x->props.flags & XFRM_STATE_NOPMTUDISC)
+                sa->sadb_sa_flags |= SADB_SAFLAGS_NOPMTUDISC;
        /* hard time */
        if (hsc & 2) {
@@ -974,6 +976,8 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
                x->props.flags |= XFRM_STATE_NOECN;
        if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
                x->props.flags |= XFRM_STATE_DECAP_DSCP;
+        if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
+                x->props.flags |= XFRM_STATE_NOPMTUDISC;
        lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
        if (lifetime != NULL) {

diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h index e6b519220245..724066778aff 100644 --- a/include/linux/pfkeyv2.h +++ b/include/linux/pfkeyv2.h
@@ -245,6 +245,7 @@ struct sadb_x_nat_t_port {
245		245
246	/* Security Association flags */	246	/* Security Association flags */
247	#define SADB_SAFLAGS_PFS 1	247	#define SADB_SAFLAGS_PFS 1
		248	#define SADB_SAFLAGS_NOPMTUDISC 0x20000000
248	#define SADB_SAFLAGS_DECAP_DSCP 0x40000000	249	#define SADB_SAFLAGS_DECAP_DSCP 0x40000000
249	#define SADB_SAFLAGS_NOECN 0x80000000	250	#define SADB_SAFLAGS_NOECN 0x80000000
250		251


diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index d68391a9b9f3..f0d423300d84 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h
@@ -196,6 +196,7 @@ struct xfrm_usersa_info {
196	__u8 flags;	196	__u8 flags;
197	#define XFRM_STATE_NOECN 1	197	#define XFRM_STATE_NOECN 1
198	#define XFRM_STATE_DECAP_DSCP 2	198	#define XFRM_STATE_DECAP_DSCP 2
		199	#define XFRM_STATE_NOPMTUDISC 4
199	};	200	};
200		201
201	struct xfrm_usersa_id {	202	struct xfrm_usersa_id {


diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index af2392ae5769..66620a95942a 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c
@@ -33,6 +33,7 @@ static void xfrm4_encap(struct sk_buff *skb)
33	struct dst_entry *dst = skb->dst;	33	struct dst_entry *dst = skb->dst;
34	struct xfrm_state *x = dst->xfrm;	34	struct xfrm_state *x = dst->xfrm;
35	struct iphdr iph, top_iph;	35	struct iphdr iph, top_iph;
		36	int flags;
36		37
37	iph = skb->nh.iph;	38	iph = skb->nh.iph;
38	skb->h.ipiph = iph;	39	skb->h.ipiph = iph;
@@ -51,10 +52,13 @@ static void xfrm4_encap(struct sk_buff *skb)
51		52
52	/* DS disclosed */	53	/* DS disclosed */
53	top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);	54	top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
54	if (x->props.flags & XFRM_STATE_NOECN)	55
		56	flags = x->props.flags;
		57	if (flags & XFRM_STATE_NOECN)
55	IP_ECN_clear(top_iph);	58	IP_ECN_clear(top_iph);
56		59
57	top_iph->frag_off = iph->frag_off & htons(IP_DF);	60	top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
		61	0 : (iph->frag_off & htons(IP_DF));
58	if (!top_iph->frag_off)	62	if (!top_iph->frag_off)
59	__ip_select_ident(top_iph, dst, 0);	63	__ip_select_ident(top_iph, dst, 0);
60		64


diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index 223a2e83853f..050611d7a967 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c
@@ -7,12 +7,20 @@
7	*	7	*
8	*/	8	*/
9		9
		10	#include <net/ip.h>
10	#include <net/xfrm.h>	11	#include <net/xfrm.h>
11	#include <linux/pfkeyv2.h>	12	#include <linux/pfkeyv2.h>
12	#include <linux/ipsec.h>	13	#include <linux/ipsec.h>
13		14
14	static struct xfrm_state_afinfo xfrm4_state_afinfo;	15	static struct xfrm_state_afinfo xfrm4_state_afinfo;
15		16
		17	static int xfrm4_init_flags(struct xfrm_state *x)
		18	{
		19	if (ipv4_config.no_pmtu_disc)
		20	x->props.flags \|= XFRM_STATE_NOPMTUDISC;
		21	return 0;
		22	}
		23
16	static void	24	static void
17	__xfrm4_init_tempsel(struct xfrm_state x, struct flowi fl,	25	__xfrm4_init_tempsel(struct xfrm_state x, struct flowi fl,
18	struct xfrm_tmpl *tmpl,	26	struct xfrm_tmpl *tmpl,
@@ -109,6 +117,7 @@ __xfrm4_find_acq(u8 mode, u32 reqid, u8 proto,
109	static struct xfrm_state_afinfo xfrm4_state_afinfo = {	117	static struct xfrm_state_afinfo xfrm4_state_afinfo = {
110	.family = AF_INET,	118	.family = AF_INET,
111	.lock = RW_LOCK_UNLOCKED,	119	.lock = RW_LOCK_UNLOCKED,
		120	.init_flags = xfrm4_init_flags,
112	.init_tempsel = __xfrm4_init_tempsel,	121	.init_tempsel = __xfrm4_init_tempsel,
113	.state_lookup = __xfrm4_state_lookup,	122	.state_lookup = __xfrm4_state_lookup,
114	.find_acq = __xfrm4_find_acq,	123	.find_acq = __xfrm4_find_acq,


diff --git a/net/key/af_key.c b/net/key/af_key.c index 652dd09ccd3a..4879743b945a 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -690,6 +690,8 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
690	sa->sadb_sa_flags \|= SADB_SAFLAGS_NOECN;	690	sa->sadb_sa_flags \|= SADB_SAFLAGS_NOECN;
691	if (x->props.flags & XFRM_STATE_DECAP_DSCP)	691	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
692	sa->sadb_sa_flags \|= SADB_SAFLAGS_DECAP_DSCP;	692	sa->sadb_sa_flags \|= SADB_SAFLAGS_DECAP_DSCP;
		693	if (x->props.flags & XFRM_STATE_NOPMTUDISC)
		694	sa->sadb_sa_flags \|= SADB_SAFLAGS_NOPMTUDISC;
693		695
694	/* hard time */	696	/* hard time */
695	if (hsc & 2) {	697	if (hsc & 2) {
@@ -974,6 +976,8 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
974	x->props.flags \|= XFRM_STATE_NOECN;	976	x->props.flags \|= XFRM_STATE_NOECN;
975	if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)	977	if (sa->sadb_sa_flags & SADB_SAFLAGS_DECAP_DSCP)
976	x->props.flags \|= XFRM_STATE_DECAP_DSCP;	978	x->props.flags \|= XFRM_STATE_DECAP_DSCP;
		979	if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
		980	x->props.flags \|= XFRM_STATE_NOPMTUDISC;
977		981
978	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];	982	lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
979	if (lifetime != NULL) {	983	if (lifetime != NULL) {