xfrm: interface: fix ipv4 pmtu check to honor ip header df

Frag needed should only be sent if the header enables DF. This fix allows packets larger than MTU to pass the xfrm interface and be fragmented after encapsulation, aligning behavior with non-interface xfrm. Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Eyal Birger <eyal.birger@gmail.com> 2021-02-20 15:01:15 +0200
committer: Steffen Klassert <steffen.klassert@secunet.com> 2021-02-23 18:23:58 +0100
commit: 8fc0e3b6a8666d656923d214e4dc791e9a17164a (patch)
tree: 324b4a85e1e84ca3b4d6fd8a6a38aedf8bbb08e9
parent: 3a2eb515d1367c0f667b76089a6e727279c688b8 (diff)
download: linux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 495b1f5c979b..8831f5a9e992 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -306,6 +306,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 
 			icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 		} else {
+			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
+				goto xmit;
 			icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 				      htonl(mtu));
 		}
@@ -314,6 +316,7 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 		return -EMSGSIZE;
 	}
 
+xmit:
 	xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = tdev;
author	Eyal Birger <eyal.birger@gmail.com>	2021-02-20 15:01:15 +0200
committer	Steffen Klassert <steffen.klassert@secunet.com>	2021-02-23 18:23:58 +0100
commit	8fc0e3b6a8666d656923d214e4dc791e9a17164a (patch)
tree	324b4a85e1e84ca3b4d6fd8a6a38aedf8bbb08e9
parent	3a2eb515d1367c0f667b76089a6e727279c688b8 (diff)
download	linux-8fc0e3b6a8666d656923d214e4dc791e9a17164a.tar.bz2