forked from Minki/linux
xfrm4: Invalidate all ipv4 routes on IPsec pmtu events
On IPsec pmtu events we can't access the transport headers of the original packet, so we can't find the socket that sent the packet. The only chance to notify the socket about the pmtu change is to force a relookup for all routes. This patch implenents this for the IPsec protocols. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
5b653b2a1c
commit
05ab86c556
@ -420,9 +420,12 @@ static void ah4_err(struct sk_buff *skb, u32 info)
|
||||
if (!x)
|
||||
return;
|
||||
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
|
||||
atomic_inc(&flow_cache_genid);
|
||||
rt_genid_bump(net);
|
||||
|
||||
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
|
||||
else
|
||||
} else
|
||||
ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0);
|
||||
xfrm_state_put(x);
|
||||
}
|
||||
|
@ -502,9 +502,12 @@ static void esp4_err(struct sk_buff *skb, u32 info)
|
||||
if (!x)
|
||||
return;
|
||||
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
|
||||
atomic_inc(&flow_cache_genid);
|
||||
rt_genid_bump(net);
|
||||
|
||||
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
|
||||
else
|
||||
} else
|
||||
ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0);
|
||||
xfrm_state_put(x);
|
||||
}
|
||||
|
@ -47,9 +47,12 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
|
||||
if (!x)
|
||||
return;
|
||||
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
|
||||
if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
|
||||
atomic_inc(&flow_cache_genid);
|
||||
rt_genid_bump(net);
|
||||
|
||||
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
|
||||
else
|
||||
} else
|
||||
ipv4_redirect(skb, net, 0, 0, IPPROTO_COMP, 0);
|
||||
xfrm_state_put(x);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user