> As far as i know, the code that implements PMTU discovery is located > in net/ipv4/ip_output.c. > It is independent of ipsec, it is valuable for all ipv4.
But when v r using IPsec the size of payload increases n hence when the packet is send outward it can b dropped due to its size..So v have again to do a PMTUd in the for IPsec packets..But this cud have been avoided if the IPsec itself consists of an PMTU discovery so that the packet can b fragmented while doing IPsec processing to appropriate size.. > I do not understand exactly what you need? > I successfully saw the PMTU discovery mechanism working, so... > Also don't forget that emitter packet must have DF flag set. > Can you explain more your problem? > #Louis. Also i wanna know that where the hell these guys r receiving packets frm for to do IPsec processing.. I dont find anything here in XFRM its just processing the buff but frm where v r getting the packet so that it can b processed for IPsec... > > int ip_fragment <http://lxr.linux.no/ident?a=arm;i=ip_fragment>(struct > sk_buff <http://lxr.linux.no/ident?a=arm;i=sk_buff> > *skb<http://lxr.linux.no/ident?a=arm;i=skb>, > int (*output <http://lxr.linux.no/ident?a=arm;i=output>)(struct > sk_buff<http://lxr.linux.no/ident?a=arm;i=sk_buff> > *)) > 429 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L429> { > 430 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L430> struct > iphdr <http://lxr.linux.no/ident?a=arm;i=iphdr> *iph; > 431 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L431> int > raw<http://lxr.linux.no/ident?a=arm;i=raw>= 0; > 432 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L432> int > ptr<http://lxr.linux.no/ident?a=arm;i=ptr> > ; > 433 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L433> struct > net_device <http://lxr.linux.no/ident?a=arm;i=net_device> > *dev<http://lxr.linux.no/ident?a=arm;i=dev> > ; > 434 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L434> struct > sk_buff <http://lxr.linux.no/ident?a=arm;i=sk_buff> *skb2; > 435 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L435> unsigned > int mtu <http://lxr.linux.no/ident?a=arm;i=mtu>, hlen, > left<http://lxr.linux.no/ident?a=arm;i=left>, > len <http://lxr.linux.no/ident?a=arm;i=len>, ll_rs; > 436 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L436> int > offset<http://lxr.linux.no/ident?a=arm;i=offset> > ; > 437 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L437> int > not_last_frag; > 438 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L438> struct > rtable <http://lxr.linux.no/ident?a=arm;i=rtable> *rt = (struct > rtable<http://lxr.linux.no/ident?a=arm;i=rtable> > *)skb > <http://lxr.linux.no/ident?a=arm;i=skb>->dst<http://lxr.linux.no/ident?a=arm;i=dst> > ; > 439 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L439> int > err<http://lxr.linux.no/ident?a=arm;i=err>= 0; > 440 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L440> > 441 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L441> > dev<http://lxr.linux.no/ident?a=arm;i=dev>= rt->u. > dst > <http://lxr.linux.no/ident?a=arm;i=dst>.dev<http://lxr.linux.no/ident?a=arm;i=dev> > ; > 442 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L442> > 443 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L443> */** > 444 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L444> * * Point > into the IP datagram header.* > 445 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L445> * */* > 446 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L446> > 447 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L447> iph > skb<http://lxr.linux.no/ident?a=arm;i=skb> > ->nh.iph; > 448 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L448> > 449 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L449> if ( > unlikely <http://lxr.linux.no/ident?a=arm;i=unlikely>((iph->frag_off & > htons<http://lxr.linux.no/ident?a=arm;i=htons> > (IP_DF <http://lxr.linux.no/ident?a=arm;i=IP_DF>)) && > !skb<http://lxr.linux.no/ident?a=arm;i=skb>->local_df)) > { > 450 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L450> > icmp_send<http://lxr.linux.no/ident?a=arm;i=icmp_send> > (skb <http://lxr.linux.no/ident?a=arm;i=skb>, > ICMP_DEST_UNREACH<http://lxr.linux.no/ident?a=arm;i=ICMP_DEST_UNREACH>, > ICMP_FRAG_NEEDED <http://lxr.linux.no/ident?a=arm;i=ICMP_FRAG_NEEDED>, > 451 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L451> > htonl<http://lxr.linux.no/ident?a=arm;i=htonl> > (dst_pmtu > <http://lxr.linux.no/ident?a=arm;i=dst_pmtu>(&rt->u.dst<http://lxr.linux.no/ident?a=arm;i=dst> > ))); > 452 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L452> > kfree_skb<http://lxr.linux.no/ident?a=arm;i=kfree_skb> > (skb <http://lxr.linux.no/ident?a=arm;i=skb>); > 453 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L453> return - > EMSGSIZE <http://lxr.linux.no/ident?a=arm;i=EMSGSIZE>; > 454 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L454> } > 455 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L455> > 456 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L456> */** > 457 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L457> * * Setup > starting values.* > 458 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L458> * */* > 459 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L459> > 460 <http://lxr.linux.no/source/net/ipv4/ip_output.c?a=arm#L460> hlen = > iph->ihl * 4; > > > 2005/8/21, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: >> >> >> hii .. >> Can anyone help me in figuring out that whether the linux 2.6 kernel has >> got a >> way for ICMP handling for IPsec/Ipv4 or not.If yes plzz tell me the >> files >> whether its done... Or just guide me a lil in short whether the 2.6 >> kernel >> has successfull handling of PMTU for IPsec/Ipv4 n where they r exactly >> doing so... >> thanx.. >> >> >> >> >> >> - >> To unsubscribe from this list: send the line "unsubscribe netdev" in >> the body of a message to [EMAIL PROTECTED] >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
