Re: [16/*] [INET] Take IPsec overhead into account in tunnels

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [16/*] [INET] Take IPsec overhead into account in tunnels
From:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Date:	Tue, 15 Mar 2005 10:20:48 -0800
Cc:	kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, kaber@xxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx>
References:	<20050214221200.GA18465@xxxxxxxxxxxxxxxxxxx> <20050214221433.GB18465@xxxxxxxxxxxxxxxxxxx> <20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx

To:

Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Subject:

Re: [16/*] [INET] Take IPsec overhead into account in tunnels

From:

"David S. Miller" <davem@xxxxxxxxxxxxx>

Date:

Tue, 15 Mar 2005 10:20:48 -0800

Cc:

kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, kaber@xxxxxxxxx, netdev@xxxxxxxxxxx

In-reply-to:

<20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx>

References:

<20050214221200.GA18465@xxxxxxxxxxxxxxxxxxx> <20050214221433.GB18465@xxxxxxxxxxxxxxxxxxx> <20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx>

Sender:

netdev-bounce@xxxxxxxxxxx

On Tue, 15 Mar 2005 20:58:37 +1100
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> This patch uses dst_mtu instead of dst_pmtu in the various tunnel
> implementations.  As it is they simply ignore the IPsec overhead.
> This leads to bogus MTU values inside the tunnels.
> 
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Applied, thanks Herbert.

> BTW, we're doing lazy MTU updates in the tunnel xmit functions.
> When a packet with DF set hits us and exceeds the updated MTU,
> we will send an ICMP packet back which is good.
> 
> Unfortunately when a packet with DF clear hits us as we update
> the MTU downwards, the packet will be silently discarded instead
> of fragmented (well we will send an ICMP back to ourselves but
> we already knew that MTU value :).
> 
> I presume we want to fix this, right?

I think so, although it could be argued that in the end it really
doesn't matter.  The final argument though is that quality of
implementation says we shouldn't drop the frame for such a reason.

<Prev in Thread]	Current Thread	[Next in Thread>
Replace send_unreach with icmp_send, (continued) Replace send_unreach with icmp_send, Herbert Xu Re: Replace send_unreach with icmp_send, Patrick McHardy [IPV4] Make ipt_REJECT use icmp_send again, Herbert Xu Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy Re: [IPV4] Make ipt_REJECT use icmp_send again, David S. Miller [IPV4] Send TCP reset through dst_output in ipt_REJECT, Herbert Xu Re: [IPV4] Send TCP reset through dst_output in ipt_REJECT, David S. Miller *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Lennert Buytenhek* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, David S. Miller* <= *[21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, Herbert Xu* *[22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *[23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, Herbert Xu* *[24/] [IPSEC] Get ttl from child instead of path*, Herbert Xu* *[25/] [NET] Kill unnecessary uses of dst_path_metric*, Herbert Xu* *[26/] [NET] Kill dst_pmtu/dst_path_metric*, Herbert Xu* *[27/] [NET] Make dst_allfrag use dst instead of dst->path*, Herbert Xu* *Re: [27/] [NET] Make dst_allfrag use dst instead of dst->path*, David S. Miller* *Re: [26/] [NET] Kill dst_pmtu/dst_path_metric*, David S. Miller* *Re: [25/] [NET] Kill unnecessary uses of dst_path_metric*, David S. Miller*

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*
Next by Date:	*Re: [12/] [IPSEC] Handle local_df in IPv4*, YOSHIFUJI Hideaki / 吉藤英明*
Previous by Thread:	*Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu*
Next by Thread:	*[21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, Herbert Xu*
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data, David S. Miller

Next by Date:

Re: [12/*] [IPSEC] Handle local_df in IPv4, YOSHIFUJI Hideaki / 吉藤英明

Previous by Thread:

Re: [16/*] [INET] Take IPsec overhead into account in tunnels, Herbert Xu

Next by Thread:

[21/*] [IPv4] Fix MTU check in ipmr_queue_xmit, Herbert Xu

Indexes:

[Date] [Thread] [Top] [All Lists]