diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2015-07-06 13:57:54 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-07 07:11:26 +0000 |
| commit | 29c90c9cc0f74cb010ffecb016356640a226c489 (patch) | |
| tree | d3a620dd2ed0dbcbfedb12f5f1e83b7cc547576f /main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch | |
| parent | ee277aa885361e02eac3e5e1076fbdf8edc0a54f (diff) | |
| download | aports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.bz2 aports-29c90c9cc0f74cb010ffecb016356640a226c489.tar.xz | |
main/linux-grsec: ugprade to 3.18.17
Diffstat (limited to 'main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch')
| -rw-r--r-- | main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch new file mode 100644 index 0000000000..5e6f493f52 --- /dev/null +++ b/main/linux-grsec/0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch @@ -0,0 +1,55 @@ +From 9c889e8df035c6eb7993963a7c80bfc75a61124d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Mon, 6 Jul 2015 09:54:36 +0300 +Subject: [PATCH] ip_tunnel: fix ipv4 pmtu check to honor inner ip header df + +Frag needed should be sent only if the inner header asked +to not fragment. Currently fragmentation is broken if the +tunnel has df set. The tunnel's df needs to be still checked +to update internally the pmtu cache. + +This got broken in commit 23a3647bc4f93bac and this fixes +the pmtu check back to the way it was. + +Fixes: 23a3647bc4f93bac ("ip_tunnels: Use skb-len to PMTU check.") +Cc: Pravin B Shelar <pshelar@nicira.com> +--- + net/ipv4/ip_tunnel.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c +index 0bb8e14..6822572 100644 +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -587,7 +587,8 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, + EXPORT_SYMBOL(ip_tunnel_encap); + + static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, +- struct rtable *rt, __be16 df) ++ struct rtable *rt, __be16 df, ++ const struct iphdr *inner_iph) + { + struct ip_tunnel *tunnel = netdev_priv(dev); + int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len; +@@ -604,7 +605,8 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb, + + if (skb->protocol == htons(ETH_P_IP)) { + if (!skb_is_gso(skb) && +- (df & htons(IP_DF)) && mtu < pkt_size) { ++ (inner_iph->frag_off & htons(IP_DF)) && ++ mtu < pkt_size) { + memset(IPCB(skb), 0, sizeof(*IPCB(skb))); + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); + return -E2BIG; +@@ -738,7 +740,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, + goto tx_error; + } + +- if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) { ++ if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) { + ip_rt_put(rt); + goto tx_error; + } +-- +2.4.5 + |