When creating dst entry from ndisc, the dst entry of pmtu is not set, and the
outout for this kind of dst entry is set to ip_output2 instead of ip_output.
This could lead to send bigger packets through these des entries without
fragmentation, and uninitialized pmtu could lead the network unreachable.
These problems are easy reproduced when configuring IPSEC for ipv6. IPSEC
could pick up dst entry created by ndisc as child des entry if ndisc dst
entry generated earlier. If sending bigger packets through IPSEC, the ip
output2 will send bigger packets out, the driver will drop these packets on
receiver side. Also the dst_entry pmtu will be 0, the network is unreachable.
The patch has been tested against 2.6.6. I am not sure why ndisc genereats dst
entry with output equal to ip6_output2 not ip6_output. If ndisc sends bigger
packets, it will break also.
Here is the patch against 2.6.6 kernel. Please review this patch.
--
Thanks
Shirley Ma
IBM Linux Technology Center
linux-2.6.6-dst.patch
Description: Text Data
|