diff options
author | Gao feng <gaofeng@cn.fujitsu.com> | 2012-05-26 01:30:53 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2012-06-10 00:36:15 +0900 |
commit | be078c8003469b75aa9119254c163b2961321744 (patch) | |
tree | a0aab8f217d0a956633a0e81fb6008ee8cd3f8e3 /include | |
parent | 86a2569c810dff80fc7ba16dd77bc2697c28317a (diff) | |
download | linux-stable-be078c8003469b75aa9119254c163b2961321744.tar.gz linux-stable-be078c8003469b75aa9119254c163b2961321744.tar.bz2 linux-stable-be078c8003469b75aa9119254c163b2961321744.zip |
ipv6: fix incorrect ipsec fragment
[ Upstream commit 0c1833797a5a6ec23ea9261d979aa18078720b74 ]
Since commit ad0081e43a
"ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed"
the fragment of packets is incorrect.
because tunnel mode needs IPsec headers and trailer for all fragments,
while on transport mode it is sufficient to add the headers to the
first fragment and the trailer to the last.
so modify mtu and maxfraglen base on ipsec mode and if fragment is first
or last.
with my test,it work well(every fragment's size is the mtu)
and does not trigger slow fragment path.
Changes from v1:
though optimization, mtu_prev and maxfraglen_prev can be delete.
replace xfrm mode codes with dst_entry's new frag DST_XFRM_TUNNEL.
add fuction ip6_append_data_mtu to make codes clearer.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/dst.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/dst.h b/include/net/dst.h index bed833d9796a..8197eadca819 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -60,6 +60,7 @@ struct dst_entry { #define DST_NOCOUNT 0x0020 #define DST_NOPEER 0x0040 #define DST_FAKE_RTABLE 0x0080 +#define DST_XFRM_TUNNEL 0x0100 short error; short obsolete; |