git.baikalelectronics.ru Git - kernel.git/commit

author	Gao feng <gaofeng@cn.fujitsu.com>
	Sat, 26 May 2012 01:30:53 +0000 (01:30 +0000)
committer	David S. Miller <davem@davemloft.net>
	Sun, 27 May 2012 05:11:22 +0000 (01:11 -0400)
commit	5b8fdc235b10c342d326a5901c2a5e173f3acf94
tree	1ea0d0ee1fb3915b30f7b40a91c0d047db5aeac3	tree \| snapshot
parent	6e2269b4852ab0acd9f400c51ce95934687fa27c	commit \| diff

ipv6: fix incorrect ipsec fragment

Since commit 68a232defb
"ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed"
the fragment of packets is incorrect.
because tunnel mode needs IPsec headers and trailer for all fragments,
while on transport mode it is sufficient to add the headers to the
first fragment and the trailer to the last.

so modify mtu and maxfraglen base on ipsec mode and if fragment is first
or last.

with my test,it work well(every fragment's size is the mtu)
and does not trigger slow fragment path.

Changes from v1:
though optimization, mtu_prev and maxfraglen_prev can be delete.
replace xfrm mode codes with dst_entry's new frag DST_XFRM_TUNNEL.
add fuction ip6_append_data_mtu to make codes clearer.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/dst.h		diff \| blob \| history
net/ipv6/ip6_output.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history