summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorGao feng <gaofeng@cn.fujitsu.com>2012-05-26 01:30:53 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-06-10 00:36:15 +0900
commitbe078c8003469b75aa9119254c163b2961321744 (patch)
treea0aab8f217d0a956633a0e81fb6008ee8cd3f8e3 /include
parent86a2569c810dff80fc7ba16dd77bc2697c28317a (diff)
downloadlinux-stable-be078c8003469b75aa9119254c163b2961321744.tar.gz
linux-stable-be078c8003469b75aa9119254c163b2961321744.tar.bz2
linux-stable-be078c8003469b75aa9119254c163b2961321744.zip
ipv6: fix incorrect ipsec fragment
[ Upstream commit 0c1833797a5a6ec23ea9261d979aa18078720b74 ] Since commit ad0081e43a "ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed" the fragment of packets is incorrect. because tunnel mode needs IPsec headers and trailer for all fragments, while on transport mode it is sufficient to add the headers to the first fragment and the trailer to the last. so modify mtu and maxfraglen base on ipsec mode and if fragment is first or last. with my test,it work well(every fragment's size is the mtu) and does not trigger slow fragment path. Changes from v1: though optimization, mtu_prev and maxfraglen_prev can be delete. replace xfrm mode codes with dst_entry's new frag DST_XFRM_TUNNEL. add fuction ip6_append_data_mtu to make codes clearer. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/dst.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/dst.h b/include/net/dst.h
index bed833d9796a..8197eadca819 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -60,6 +60,7 @@ struct dst_entry {
#define DST_NOCOUNT 0x0020
#define DST_NOPEER 0x0040
#define DST_FAKE_RTABLE 0x0080
+#define DST_XFRM_TUNNEL 0x0100
short error;
short obsolete;