Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3b2b9e1 authored Sep 10, 2013 by Steffen Klassert

ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH

Currently we update the pmtu in the IPsec protocol error handlers
if icmpv6 message type is either ICMPV6_DEST_UNREACH or
ICMPV6_PKT_TOOBIG. Updating the pmtu on ICMPV6_DEST_UNREACH
is wrong in any case, it causes strangely fragmented packets.
Only ICMPV6_PKT_TOOBIG signalizes pmtu discovery, so remove the
ICMPV6_DEST_UNREACH check in the IPsec protocol error handlers.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent bafd4bd4

net/ipv6/ah6.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -618,8 +618,7 @@ static void ah6_err(struct sk_buff skb, struct inet6_skb_parm opt,
		struct ip_auth_hdr ah = (struct ip_auth_hdr)(skb->data+offset);
		struct xfrm_state *x;

		if (type != ICMPV6_DEST_UNREACH &&
		type != ICMPV6_PKT_TOOBIG &&
		if (type != ICMPV6_PKT_TOOBIG &&
		type != NDISC_REDIRECT)
		return;

net/ipv6/esp6.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -436,8 +436,7 @@ static void esp6_err(struct sk_buff skb, struct inet6_skb_parm opt,
		struct ip_esp_hdr esph = (struct ip_esp_hdr )(skb->data + offset);
		struct xfrm_state *x;

		if (type != ICMPV6_DEST_UNREACH &&
		type != ICMPV6_PKT_TOOBIG &&
		if (type != ICMPV6_PKT_TOOBIG &&
		type != NDISC_REDIRECT)
		return;

net/ipv6/ipcomp6.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -64,8 +64,7 @@ static void ipcomp6_err(struct sk_buff skb, struct inet6_skb_parm opt,
		(struct ip_comp_hdr *)(skb->data + offset);
		struct xfrm_state *x;

		if (type != ICMPV6_DEST_UNREACH &&
		type != ICMPV6_PKT_TOOBIG &&
		if (type != ICMPV6_PKT_TOOBIG &&
		type != NDISC_REDIRECT)
		return;