netdev
[Top] [All Lists]

[16/*] [INET] Take IPsec overhead into account in tunnels

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [16/*] [INET] Take IPsec overhead into account in tunnels
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Mar 2005 20:58:37 +1100
Cc: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050315091904.GA6256@gondor.apana.org.au>
References: <20050214221200.GA18465@gondor.apana.org.au> <20050214221433.GB18465@gondor.apana.org.au> <20050214221607.GC18465@gondor.apana.org.au> <20050306213214.7d8a143d.davem@davemloft.net> <20050307103536.GB7137@gondor.apana.org.au> <20050308102741.GA23468@gondor.apana.org.au> <20050314102614.GA9610@gondor.apana.org.au> <20050314105313.GA21001@gondor.apana.org.au> <20050314111002.GA29156@gondor.apana.org.au> <20050315091904.GA6256@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
Hi Dave:

This patch uses dst_mtu instead of dst_pmtu in the various tunnel
implementations.  As it is they simply ignore the IPsec overhead.
This leads to bogus MTU values inside the tunnels.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

BTW, we're doing lazy MTU updates in the tunnel xmit functions.
When a packet with DF set hits us and exceeds the updated MTU,
we will send an ICMP packet back which is good.

Unfortunately when a packet with DF clear hits us as we update
the MTU downwards, the packet will be silently discarded instead
of fragmented (well we will send an ICMP back to ourselves but
we already knew that MTU value :).

I presume we want to fix this, right?
 
Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: xfrm-16
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>