kern/91412: Problem with PMTU Discovery / DF / IPSEC / GIF
Tunnels
Nate Nielsen
nielsen at memberwebs.com
Fri Jan 6 12:00:26 PST 2006
The following reply was made to PR kern/91412; it has been noted by GNATS.
From: Nate Nielsen <nielsen at memberwebs.com>
To: bug-followup at freebsd.org
Cc:
Subject: Re: kern/91412: Problem with PMTU Discovery / DF / IPSEC / GIF Tunnels
Date: Fri, 6 Jan 2006 20:13:52 +0000 (GMT)
This is a multi-part message in MIME format.
--------------070507060309070107090700
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
--------------070507060309070107090700
Content-Type: application/x-gzip;
name="pmtu-gif-ipsec-config.tar.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="pmtu-gif-ipsec-config.tar.gz"
H4sICCX8u0MAA2ZyLjE0MTUyLjAucG10dS1naWYtaXBzZWMtY29uZmlnLnRhcgDtltuOmzAQ
hrktT2H5HoPNaaUol7ndVupVpUqRAQNWwLDYdLVvXw67DVGrkN2o2R7miyLMMPkdxfNPpq1N
7xQyd2SrReqkjcpl4XZNb0TncHeKkjFqvR1vIAqC8Urj0FteJ4KAWtTzwyiOwziOrOGpH0QW
8q7Y82J6bXiHkKUFV+fy1p7/peRVr8uNrdvseWXzLEPUI4zcEfqyYEjoFrHh3JCzQ0nVPOZS
l06apAjzJM1EXpSU+cFwhHd4s5RgR61nCXaRxPiNRhmPTC/XW6xkGyDnE5IKTeU5Crum40q3
TWdctxMPvezE5gKJocxXNOz3PqDfTHve/93V5rfW/R/G/tH/wej/KAoZ+P8W2AU34pE/7YXi
SSW2+MvuM7bLRhvF6+HW9EqJyqmkOjicGKENqZqUV9hOq0aJbC/VUCk5T4Xe4qGOPGzLfK6i
/Xi7xVIJMzaBmFA6d5RpxdAQr7k+IBaG5OXtoa/2BzQzb/1zL1rsUKn0dIeQUJcFpxn0mDEJ
TQn2QTzVvN3iXpPsW9PxA7a1LrPT30ELldVcVj+i9x/vd8OHH3peFPw0dzLQr0K5HAOuMOni
7xT/IZ3lrP+Td/C/H87+p+D/W/Aa/yfX+58tOsHr/H8cJM75P1r3PwP/L1jx/63n/8hj/jT/
++D/mwDz//89/wMAAAAAAAAAAAAAAAAAAAAA8O/xHfPkVqoAKAAA
--------------070507060309070107090700
Content-Type: text/x-patch;
name="pmtu-gif-ipsec.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="pmtu-gif-ipsec.patch"
--- sys/netinet/ip_input.c.orig Wed Jan 4 10:18:01 2006
+++ sys/netinet/ip_input.c Wed Jan 4 10:39:35 2006
@@ -1918,29 +1918,29 @@ ip_forward(struct mbuf *m, int srcrt)
}
}
#ifdef IPSEC
key_freesp(sp);
#else /* FAST_IPSEC */
KEY_FREESP(&sp);
#endif
- ipstat.ips_cantfrag++;
- break;
- } else
+ }
#endif /*IPSEC || FAST_IPSEC*/
- /*
- * When doing source routing 'ia' can be NULL. Fall back
- * to the minimum guaranteed routeable packet size and use
- * the same hack as IPSEC to setup a dummyifp for icmp.
- */
- if (ia == NULL)
- mtu = IP_MSS;
- else
- mtu = ia->ia_ifp->if_mtu;
+ if (!mtu) {
+ /*
+ * When doing source routing 'ia' can be NULL. Fall back
+ * to the minimum guaranteed routeable packet size and use
+ * the same hack as IPSEC to setup a dummyifp for icmp.
+ */
+ if (ia == NULL)
+ mtu = IP_MSS;
+ else
+ mtu = ia->ia_ifp->if_mtu;
+ }
#if defined(IPSEC) || defined(FAST_IPSEC)
}
#endif /*IPSEC || FAST_IPSEC*/
ipstat.ips_cantfrag++;
break;
case ENOBUFS:
/*
--------------070507060309070107090700--
More information about the freebsd-bugs
mailing list