On Fri, Sep 04, 2015 at 01:21:06PM +0800, Herbert Xu wrote:
> On Mon, Aug 31, 2015 at 03:35:26PM +0800, Herbert Xu wrote:
> >
> > I see where the bug came from. Indeed IPv6 does do fragmentation
> > but only for tunnel mode. While your patch added a check that also
> > affected transport mode. So in addition to the GSO fix we should
> > also make the MTU check conditional to tunnel mode.
>
> Here is the patch:
>
> ---8<---
> ipv6: Fix IPsec pre-encap fragmentation check
>
> The IPv6 IPsec pre-encap path performs fragmentation for tunnel-mode
> packets. That is, we perform fragmentation pre-encap rather than
> post-encap.
>
> A check was added later to ensure that proper MTU information is
> passed back for locally generated traffic. Unfortunately this
> check was performed on all IPsec packets, including transport-mode
> packets.
>
> What's more, the check failed to take GSO into account.
>
> The end result is that transport-mode GSO packets get dropped at
> the check.
>
> This patch fixes it by moving the tunnel mode check forward as well
> as adding the GSO check.
>
> Fixes: dd767856a36e ("xfrm6: Don't call icmpv6_send on local error")
> Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Applied to the ipsec tree, thanks Herbert!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
