diff mbox series

[01/11] xfrm: interface: fix ipv4 pmtu check to honor ip header df

Message ID 20210331081847.3547641-2-steffen.klassert@secunet.com (mailing list archive)
State Accepted
Commit 8fc0e3b6a8666d656923d214e4dc791e9a17164a
Delegated to: Netdev Maintainers
Headers show
Series [01/11] xfrm: interface: fix ipv4 pmtu check to honor ip header df | expand

Checks

Context Check Description
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Steffen Klassert March 31, 2021, 8:18 a.m. UTC 
From: Eyal Birger <eyal.birger@gmail.com>

Frag needed should only be sent if the header enables DF.

This fix allows packets larger than MTU to pass the xfrm interface
and be fragmented after encapsulation, aligning behavior with
non-interface xfrm.

Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/xfrm/xfrm_interface.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

patchwork-bot+netdevbpf@kernel.org March 31, 2021, 10 p.m. UTC | #1 
Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Wed, 31 Mar 2021 10:18:37 +0200 you wrote:
> From: Eyal Birger <eyal.birger@gmail.com>
> 
> Frag needed should only be sent if the header enables DF.
> 
> This fix allows packets larger than MTU to pass the xfrm interface
> and be fragmented after encapsulation, aligning behavior with
> non-interface xfrm.
> 
> [...]

Here is the summary with links:
  - [01/11] xfrm: interface: fix ipv4 pmtu check to honor ip header df
    https://git.kernel.org/netdev/net/c/8fc0e3b6a866
  - [02/11] vti: fix ipv4 pmtu check to honor ip header df
    https://git.kernel.org/netdev/net/c/c7c1abfd6d42
  - [03/11] vti6: fix ipv4 pmtu check to honor ip header df
    https://git.kernel.org/netdev/net/c/4c38255892c0
  - [04/11] xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume
    https://git.kernel.org/netdev/net/c/9ab1265d5231
  - [05/11] net: xfrm: Localize sequence counter per network namespace
    https://git.kernel.org/netdev/net/c/e88add19f681
  - [06/11] net: xfrm: Use sequence counter with associated spinlock
    https://git.kernel.org/netdev/net/c/bc8e0adff343
  - [07/11] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload
    https://git.kernel.org/netdev/net/c/154deab6a3ba
  - [08/11] xfrm: BEET mode doesn't support fragments for inner packets
    https://git.kernel.org/netdev/net/c/68dc022d04eb
  - [09/11] xfrm: Fix NULL pointer dereference on policy lookup
    https://git.kernel.org/netdev/net/c/b1e3a5607034
  - [10/11] xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets
    https://git.kernel.org/netdev/net/c/c7dbf4c08868
  - [11/11] xfrm/compat: Cleanup WARN()s that can be user-triggered
    https://git.kernel.org/netdev/net/c/ef19e111337f

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
diff mbox series

Patch

diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 495b1f5c979b..8831f5a9e992 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -306,6 +306,8 @@  xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 
 			icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 		} else {
+			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+				goto xmit;
 			icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 				      htonl(mtu));
 		}
@@ -314,6 +316,7 @@  xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 		return -EMSGSIZE;
 	}
 
+xmit:
 	xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = tdev;