@@ -196,6 +196,34 @@ static bool vti_state_check(const struct xfrm_state *x, __be32 dst, __be32 src)
return true;
}
+static bool vti_tunnel_check_size(struct sk_buff *skb)
+{
+ int mtu;
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ if (!(ip_hdr(skb)->frag_off & htons(IP_DF)) || skb->ignore_df)
+ return true;
+ }
+
+ mtu = dst_mtu(skb_dst(skb));
+ if (skb->len > mtu) {
+ skb_dst_update_pmtu(skb, mtu);
+ if (skb->protocol == htons(ETH_P_IP)) {
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+ htonl(mtu));
+ } else {
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+
+ icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+ }
+
+ return false;
+ }
+
+ return true;
+}
+
static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
struct flowi *fl)
{
@@ -205,7 +233,6 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
struct net_device *tdev; /* Device to other host */
int pkt_len = skb->len;
int err;
- int mtu;
if (!dst) {
dev->stats.tx_carrier_errors++;
@@ -233,19 +260,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
goto tx_error;
}
- mtu = dst_mtu(dst);
- if (skb->len > mtu) {
- skb_dst_update_pmtu(skb, mtu);
- if (skb->protocol == htons(ETH_P_IP)) {
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
- htonl(mtu));
- } else {
- if (mtu < IPV6_MIN_MTU)
- mtu = IPV6_MIN_MTU;
-
- icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
- }
-
+ if (!vti_tunnel_check_size(skb)) {
dst_release(dst);
goto tx_error;
}
@@ -436,6 +436,46 @@ static bool vti6_state_check(const struct xfrm_state *x,
}
/**
+ * vti6_tunnel_check_size - check size of packet
+ * @skb: the outgoing socket buffer
+ *
+ * Description:
+ * Check if packet is too large (> pmtu)
+ *
+ * Return:
+ * true if size of packet is ok
+ * false if packet is too large
+ **/
+static bool vti6_tunnel_check_size(struct sk_buff *skb)
+{
+ int mtu;
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ if (!(ip_hdr(skb)->frag_off & htons(IP_DF)) || skb->ignore_df)
+ return true;
+ }
+
+ mtu = dst_mtu(skb_dst(skb));
+ if (skb->len > mtu) {
+ skb_dst_update_pmtu(skb, mtu);
+
+ if (skb->protocol == htons(ETH_P_IPV6)) {
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+
+ icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+ } else {
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+ htonl(mtu));
+ }
+
+ return false;
+ }
+
+ return true;
+}
+
+/**
* vti6_xmit - send a packet
* @skb: the outgoing socket buffer
* @dev: the outgoing tunnel device
@@ -451,7 +491,6 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
struct xfrm_state *x;
int pkt_len = skb->len;
int err = -1;
- int mtu;
if (!dst)
goto tx_err_link_failure;
@@ -481,20 +520,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
goto tx_err_dst_release;
}
- mtu = dst_mtu(dst);
- if (skb->len > mtu) {
- skb_dst_update_pmtu(skb, mtu);
-
- if (skb->protocol == htons(ETH_P_IPV6)) {
- if (mtu < IPV6_MIN_MTU)
- mtu = IPV6_MIN_MTU;
-
- icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
- } else {
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
- htonl(mtu));
- }
-
+ if (!vti6_tunnel_check_size(skb)) {
err = -EMSGSIZE;
goto tx_err_dst_release;
}
Only send a 'need to frag' ICMP message when the "Don't Fragment" bit is set. If it's not set then the packet can/will be fragmented. This fixes sending an 'need to frag' message on a client that did not set the DF bit, i.e.: $ ping -s 1300 -M dont -c5 192.168.235.2 PING 192.168.235.3 (192.168.235.3) 1300(1328) bytes of data. From 192.168.236.254 icmp_seq=1 Frag needed and DF set (mtu = 1214) Signed-off-by: Bram Yvahk <bram-yvahk@mail.wizbit.be> --- net/ipv4/ip_vti.c | 43 +++++++++++++++++++++++++++-------------- net/ipv6/ip6_vti.c | 56 +++++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 70 insertions(+), 29 deletions(-)