linux/net
Steffen Klassert d1d88e5de4 xfrm: fix fragmentation on inter family tunnels
If an ipv4 packet (not locally generated with IP_DF flag not set) bigger
than mtu size is supposed to go via a xfrm ipv6 tunnel, the packetsize
check in xfrm4_tunnel_check_size() is omited and ipv6 drops the packet
without sending a notice to the original sender of the ipv4 packet.

Another issue is that ipv4 connection tracking does reassembling of
incomming fragmented packets. If such a reassembled packet is supposed to
go via a xfrm ipv6 tunnel it will be droped, even if the original sender
did proper fragmentation.

According to RFC 2473 (section 7) tunnel ipv6 packets resulting from the
encapsulation of an original packet are considered as locally generated
packets. If such a packet passed the checks in xfrm{4,6}_tunnel_check_size()
fragmentation is allowed according to RFC 2473 (section 7.1/7.2).

This patch sets skb->local_df in xfrm6_prepare_output() to achieve
fragmentation in this case.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-04-06 17:07:59 -07:00
..
9p 9p: fix sparse warning: cast adds address space 2009-02-26 23:13:32 -08:00
802 net/802/fddi.c: add MODULE_LICENSE 2009-04-06 17:07:55 -07:00
8021q gro: Fix vlan/netpoll check again 2009-03-17 13:10:52 -07:00
appletalk appletalk: this warning can go I think 2009-03-27 00:27:18 -07:00
atm atm: convert clip driver to net_device_ops 2009-03-21 19:19:12 -07:00
ax25 Revert "ax25: zero length frame filtering in AX25" 2009-03-27 17:23:42 -07:00
bluetooth Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-03-26 15:23:24 -07:00
bridge Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-03-26 01:22:01 -07:00
can can: remove some pointless conditionals before kfree_skb() 2009-02-26 23:07:35 -08:00
core net: allow multiple dev per napi with GRO 2009-04-02 01:07:37 -07:00
dcb DCB: fix kfree(skb) 2009-01-04 17:29:21 -08:00
dccp dccp: Do not let initial option overhead shrink the MPS 2009-03-02 03:07:23 -08:00
decnet net/*: use linux/kernel.h swap() 2009-03-21 13:36:17 -07:00
dsa dsa: add switch chip cascading support 2009-03-21 19:06:54 -07:00
econet net: convert usage of packet_type to read_mostly 2009-03-10 05:22:43 -07:00
ethernet eth: Declare an optimized compare_ether_addr_64bits() function 2008-11-23 23:24:32 -08:00
ipv4 tcp: miscounts due to tcp_fragment pcount reset 2009-04-02 16:31:45 -07:00
ipv6 xfrm: fix fragmentation on inter family tunnels 2009-04-06 17:07:59 -07:00
ipx ipx: use constant for strings and desciptor 2009-03-21 19:06:51 -07:00
irda irlan: convert to net_device_ops 2009-03-21 19:19:16 -07:00
iucv iucv: remove some pointless conditionals before kfree_skb() 2009-02-26 23:07:37 -08:00
key af_key: remove some pointless conditionals before kfree_skb() 2009-02-26 23:07:32 -08:00
lapb
llc net: convert usage of packet_type to read_mostly 2009-03-10 05:22:43 -07:00
mac80211 mac80211/iwlwifi: move virtual A-MDPU queue bookkeeping to iwlwifi 2009-03-27 20:13:23 -04:00
netfilter netfilter: xtables: fix IPv6 dependency in the cluster match 2009-03-29 13:46:01 -07:00
netlabel netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
netlink Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-03-26 15:23:24 -07:00
netrom Revert "netrom: zero length frame filtering in NetRom" 2009-03-27 17:22:55 -07:00
packet Network Drop Monitor: Adding kfree_skb_clean for non-drops and modifying end-of-line points for skbs 2009-03-13 12:09:28 -07:00
phonet net: convert usage of packet_type to read_mostly 2009-03-10 05:22:43 -07:00
rds RDS: Use spinlock to protect 64b value update on 32b archs 2009-04-02 00:52:22 -07:00
rfkill net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning 2009-01-04 17:11:24 -08:00
rose af_rose/x25: Sanity check the maximum user frame size 2009-03-27 00:28:21 -07:00
rxrpc RxRPC: Fix a potential NULL dereference 2009-02-06 21:50:52 -08:00
sched net/*: use linux/kernel.h swap() 2009-03-21 13:36:17 -07:00
sctp sctp: Clean up TEST_FRAME hacks. 2009-03-21 13:41:09 -07:00
sunrpc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-03-27 16:23:12 -07:00
tipc tipc: fix non-const printf format arguments 2009-03-18 19:11:29 -07:00
unix unix: remove some pointless conditionals before kfree_skb() 2009-02-26 23:07:34 -08:00
wanrouter wanrouter: fix sparse warnings: context imbalance 2009-02-26 23:13:36 -08:00
wimax Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-02-14 23:12:00 -08:00
wireless cfg80211: default CONFIG_WIRELESS_OLD_REGULATORY to n 2009-03-27 20:13:23 -04:00
x25 af_rose/x25: Sanity check the maximum user frame size 2009-03-27 00:28:21 -07:00
xfrm xfrm: spin_lock() should be spin_unlock() in xfrm_state.c 2009-03-27 00:23:04 -07:00
compat.c net: socket infrastructure for SO_TIMESTAMPING 2009-02-15 22:43:35 -08:00
Kconfig Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-03-26 15:23:24 -07:00
Makefile RDS: Kconfig and Makefile 2009-02-26 23:43:35 -08:00
nonet.c
socket.c socket: use percpu_add() while updating sockets_in_use 2009-04-04 16:41:09 -07:00
sysctl_net.c net: sysctl_net - use net_eq to compare nets 2009-03-16 16:23:30 +01:00
TUNABLE