linux/net/ipv6
Steffen Klassert d1d88e5de4 xfrm: fix fragmentation on inter family tunnels
If an ipv4 packet (not locally generated with IP_DF flag not set) bigger
than mtu size is supposed to go via a xfrm ipv6 tunnel, the packetsize
check in xfrm4_tunnel_check_size() is omited and ipv6 drops the packet
without sending a notice to the original sender of the ipv4 packet.

Another issue is that ipv4 connection tracking does reassembling of
incomming fragmented packets. If such a reassembled packet is supposed to
go via a xfrm ipv6 tunnel it will be droped, even if the original sender
did proper fragmentation.

According to RFC 2473 (section 7) tunnel ipv6 packets resulting from the
encapsulation of an original packet are considered as locally generated
packets. If such a packet passed the checks in xfrm{4,6}_tunnel_check_size()
fragmentation is allowed according to RFC 2473 (section 7.1/7.2).

This patch sets skb->local_df in xfrm6_prepare_output() to achieve
fragmentation in this case.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-04-06 17:07:59 -07:00
..
netfilter netfilter: use rcu_read_bh() in ipt_do_table() 2009-04-02 00:54:43 -07:00
addrconf_core.c
addrconf.c ipv6: Fix conflict resolutions during ipv6 binding 2009-03-24 19:49:11 -07:00
addrlabel.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
af_inet6.c ipv6: Make v4-mapped bindings consistent with IPv4 2009-03-24 19:49:10 -07:00
ah6.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
anycast.c net: replace %#p6 format specifier with %pi6 2008-10-29 12:50:24 -07:00
datagram.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
esp6.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
exthdrs_core.c
exthdrs.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
fib6_rules.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
icmp.c net: fix xfrm reverse flow lookup for icmp6 2009-01-27 22:30:19 -08:00
inet6_connection_sock.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
inet6_hashtables.c ipv6: don't use tw net when accounting for recycled tw 2009-02-26 03:35:13 -08:00
ip6_fib.c ipv6: Fix fib6_dump_table walker leak 2009-01-13 22:17:51 -08:00
ip6_flowlabel.c ipv6: Disallow rediculious flowlabel option sizes. 2009-02-06 00:49:55 -08:00
ip6_input.c ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c) 2009-03-27 00:17:45 -07:00
ip6_output.c ipv6: Copy cork options in ip6_append_data 2009-02-05 15:15:50 -08:00
ip6_tunnel.c IPv6: fix to set device name when new IPv6 over IPv6 tunnel device is created. 2009-02-09 15:01:19 -08:00
ip6mr.c ipv6: compile fix for ip6mr.c 2009-01-31 00:51:49 -08:00
ipcomp6.c netns xfrm: state lookup in netns 2008-11-25 17:30:50 -08:00
ipv6_sockglue.c ipv6: Remove some pointless conditionals before kfree_skb() 2009-02-24 23:33:52 -08:00
Kconfig ipsec: ipcomp - Merge IPComp implementations 2008-07-25 02:54:40 -07:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6/mcast: join error paths using goto 2008-12-14 23:15:21 -08:00
mip6.c netns xfrm: KM reporting in netns 2008-11-25 17:51:01 -08:00
ndisc.c netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
proc.c net: fix tiny output corruption of /proc/net/snmp6 2008-11-20 04:20:10 -08:00
protocol.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
raw.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
reassembly.c netns: oops in ip[6]_frag_reasm incrementing stats 2009-03-18 23:26:11 -07:00
route.c netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
sit.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-03-20 02:27:41 -07:00
syncookies.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
sysctl_net_ipv6.c remove lots of double-semicolons 2009-01-08 08:31:14 -08:00
tcp_ipv6.c ipv6: Remove some pointless conditionals before kfree_skb() 2009-02-24 23:33:52 -08:00
tunnel6.c [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol tunnel. 2008-06-05 04:02:32 +09:00
udp_impl.h udp: introduce struct udp_table and multiple spinlocks 2008-10-29 01:41:45 -07:00
udp.c ipv6: Fix conflict resolutions during ipv6 binding 2009-03-24 19:49:11 -07:00
udplite.c udp: RCU handling for Unicast packets. 2008-10-29 02:11:14 -07:00
xfrm6_input.c netns xfrm: per-netns MIBs 2008-11-25 17:59:52 -08:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_output.c xfrm: fix fragmentation on inter family tunnels 2009-04-06 17:07:59 -07:00
xfrm6_policy.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
xfrm6_state.c ipv6: fix sparse warning: Using plain integer as NULL pointer 2009-02-21 23:37:10 -08:00
xfrm6_tunnel.c xfrm6_tunnel: join error paths using goto 2008-12-14 23:13:48 -08:00