
Commit 05ab86c5 authored by Steffen Klassert's avatar Steffen Klassert

xfrm4: Invalidate all ipv4 routes on IPsec pmtu events



On IPsec pmtu events we can't access the transport headers of
the original packet, so we can't find the socket that sent
the packet. The only chance to notify the socket about the
pmtu change is to force a relookup for all routes. This
patch implements this for the IPsec protocols.

Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 5b653b2a
+5 −2
@@ -420,9 +420,12 @@ static void ah4_err(struct sk_buff *skb, u32 info)
	if (!x)
		return;

	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
		atomic_inc(&flow_cache_genid);
		rt_genid_bump(net);

		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
	else
	} else
		ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0);
	xfrm_state_put(x);
}
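Review bot: Nothing visible in this hunk bounds how often the new ICMP_DEST_UNREACH branch runs `atomic_inc(&flow_cache_genid)` and `rt_genid_bump(net)`, although each pass invalidates every cached IPv4 route. ICMP errors are unauthenticated, and the only gate shown is the `if (!x) return;` state check; whether the code is narrowed to ICMP_FRAG_NEEDED is decided above the hunk, since ah4_err starts outside it. `flow_cache_genid` is bumped without a `net` argument, so it appears to be system-wide rather than per-namespace, which would let an event in one namespace flush flow caches in all of them; worth confirming. Consider rate limiting the invalidation, and document the cost with a comment such as `/* no transport header on IPsec pmtu events: force a relookup of all routes */`. The same applies to the esp4_err and ipcomp4_err hunks.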
+5 −2
@@ -502,9 +502,12 @@ static void esp4_err(struct sk_buff *skb, u32 info)
	if (!x)
		return;

	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
		atomic_inc(&flow_cache_genid);
		rt_genid_bump(net);

		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
	else
	} else
		ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);
	xfrm_state_put(x);
}
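Review bot: The new `} else` leaves the else branch unbraced while the if branch now has braces; kernel coding style asks for braces on both branches once either needs them, so this would read `} else {`, `ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);`, `}`. The blank line between `rt_genid_bump(net);` and the `ipv4_update_pmtu()` call would be a natural place for a one-line comment saying why the flush comes before the update. The ah4_err and ipcomp4_err hunks have the same shape.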
+5 −2
@@ -47,9 +47,12 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
	if (!x)
		return;

	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
		atomic_inc(&flow_cache_genid);
		rt_genid_bump(net);

		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
	else
	} else
		ipv4_redirect(skb, net, 0, 0, IPPROTO_COMP, 0);
	xfrm_state_put(x);
}