[22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

netdev

[22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS

To:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Subject:	[22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Fri, 18 Mar 2005 20:11:29 +1100
Cc:	Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx>
References:	<20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050318090310.GA28443@xxxxxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6+20040907i

Hi Dave:

This patch makes ipt_TCPMSS use the correct MTU value for clamping.
This is a bit tricky actually since TCPMSS can be used in FORWARD,
LOCAL_OUT as well as POST_ROUTING.

In the first two cases we haven't performed IPsec yet so dst_mtu
obviously does the right thing.  As it is, POST_ROUTING is performed
after xfrm_output so MSS clamping is useless there.

With Patrick's IPsec netfilter stuff, there will be a POST_ROUTING
processing before IPsec processing, in which case dst_mtu also returns
exactly what we want.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

BTW Patrick, how is the IPsec netfilter stuff going?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

xfrm-22
Description: Text document

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[IPV4] Make ipt_REJECT use icmp_send again, (continued) [IPV4] Make ipt_REJECT use icmp_send again, Herbert Xu Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy Re: [IPV4] Make ipt_REJECT use icmp_send again, David S. Miller [IPV4] Send TCP reset through dst_output in ipt_REJECT, Herbert Xu Re: [IPV4] Send TCP reset through dst_output in ipt_REJECT, David S. Miller *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Lennert Buytenhek* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, David S. Miller* *[21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, Herbert Xu* *[22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* <= *[23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, Herbert Xu* *[24/] [IPSEC] Get ttl from child instead of path*, Herbert Xu* *[25/] [NET] Kill unnecessary uses of dst_path_metric*, Herbert Xu* *[26/] [NET] Kill dst_pmtu/dst_path_metric*, Herbert Xu* *[27/] [NET] Make dst_allfrag use dst instead of dst->path*, Herbert Xu* *Re: [27/] [NET] Make dst_allfrag use dst instead of dst->path*, David S. Miller* *Re: [26/] [NET] Kill dst_pmtu/dst_path_metric*, David S. Miller* *Re: [25/] [NET] Kill unnecessary uses of dst_path_metric*, David S. Miller* *Re: [24/] [IPSEC] Get ttl from child instead of path*, David S. Miller* *Re: [23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, David S. Miller*

Previous by Date:	Re: Fw: 2.6.11-mm2 weird ethernet RTTs, Stefan Schmidt
Next by Date:	*[23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, Herbert Xu*
Previous by Thread:	*[21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, Herbert Xu*
Next by Thread:	*[23/] [IPV4] Kill remaining unnecessary uses of dst_pmtu*, Herbert Xu*
Indexes:	[Date] [Thread] [Top] [All Lists]