If the inside packet is fragmented already, the Linux kernel hands us packets with skb->ignore_df=0. Since this is applied to the encapsulated packet, the kernel will then refuse to fragment the resulting UDP/IPv6 packet (for IPv4, it seems to look at the actual DF bit, which does not exist for IPv6).
Always set ignore_df=1 in the udp6 output path. Fixes t_client tests with "ping -s 3000" across UDP6 tunnels. Signed-off-by: Gert Doering <g...@greenie.muc.de> --- drivers/net/ovpn-dco/udp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ovpn-dco/udp.c b/drivers/net/ovpn-dco/udp.c index 4c54068..9416338 100644 --- a/drivers/net/ovpn-dco/udp.c +++ b/drivers/net/ovpn-dco/udp.c @@ -215,6 +215,9 @@ static int ovpn_udp6_output(struct ovpn_struct *ovpn, struct ovpn_bind *bind, dst_cache_set_ip6(cache, dst, &fl.saddr); transmit: + /* always permit openvpn-created packets to be (outside) fragmented */ + skb->ignore_df = 1; + udp_tunnel6_xmit_skb(dst, sk, skb, skb->dev, &fl.saddr, &fl.daddr, 0, ip6_dst_hoplimit(dst), 0, fl.fl6_sport, fl.fl6_dport, udp_get_no_check6_tx(sk)); -- 2.25.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
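Review bot: The unconditional "skb->ignore_df = 1;" placed after the transmit: label in ovpn_udp6_output() applies to every packet leaving through this path, not only to those whose inner packet arrived already fragmented, which is the one case the commit message describes. If that is intended, the code comment should carry the reason and not just the effect: per the commit message, the kernel hands over skb->ignore_df=0 for such packets and then refuses to fragment the outer UDP/IPv6 packet, and IPv6 has no DF bit to consult. The commit message also says the IPv4 path only "seems to" look at the actual DF bit; it would be worth confirming that and stating whether the udp4 output path needs the same treatment, so the two paths are not left to diverge silently.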