kern/91412: Problem with PMTU Discovery / DF / IPSEC / GIF Tunnels

Nate Nielsen nielsen at memberwebs.com
Fri Jan 6 12:00:26 PST 2006


The following reply was made to PR kern/91412; it has been noted by GNATS.

From: Nate Nielsen <nielsen at memberwebs.com>
To: bug-followup at freebsd.org
Cc:  
Subject: Re: kern/91412: Problem with PMTU Discovery / DF / IPSEC / GIF Tunnels
Date: Fri,  6 Jan 2006 20:13:52 +0000 (GMT)

 This is a multi-part message in MIME format.
 --------------070507060309070107090700
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 
 
 --------------070507060309070107090700
 Content-Type: application/x-gzip;
  name="pmtu-gif-ipsec-config.tar.gz"
 Content-Transfer-Encoding: base64
 Content-Disposition: inline;
  filename="pmtu-gif-ipsec-config.tar.gz"
 
 H4sICCX8u0MAA2ZyLjE0MTUyLjAucG10dS1naWYtaXBzZWMtY29uZmlnLnRhcgDtltuOmzAQ
 hrktT2H5HoPNaaUol7ndVupVpUqRAQNWwLDYdLVvXw67DVGrkN2o2R7miyLMMPkdxfNPpq1N
 7xQyd2SrReqkjcpl4XZNb0TncHeKkjFqvR1vIAqC8Urj0FteJ4KAWtTzwyiOwziOrOGpH0QW
 8q7Y82J6bXiHkKUFV+fy1p7/peRVr8uNrdvseWXzLEPUI4zcEfqyYEjoFrHh3JCzQ0nVPOZS
 l06apAjzJM1EXpSU+cFwhHd4s5RgR61nCXaRxPiNRhmPTC/XW6xkGyDnE5IKTeU5Crum40q3
 TWdctxMPvezE5gKJocxXNOz3PqDfTHve/93V5rfW/R/G/tH/wej/KAoZ+P8W2AU34pE/7YXi
 SSW2+MvuM7bLRhvF6+HW9EqJyqmkOjicGKENqZqUV9hOq0aJbC/VUCk5T4Xe4qGOPGzLfK6i
 /Xi7xVIJMzaBmFA6d5RpxdAQr7k+IBaG5OXtoa/2BzQzb/1zL1rsUKn0dIeQUJcFpxn0mDEJ
 TQn2QTzVvN3iXpPsW9PxA7a1LrPT30ELldVcVj+i9x/vd8OHH3peFPw0dzLQr0K5HAOuMOni
 7xT/IZ3lrP+Td/C/H87+p+D/W/Aa/yfX+58tOsHr/H8cJM75P1r3PwP/L1jx/63n/8hj/jT/
 ++D/mwDz//89/wMAAAAAAAAAAAAAAAAAAAAA8O/xHfPkVqoAKAAA
 --------------070507060309070107090700
 Content-Type: text/x-patch;
  name="pmtu-gif-ipsec.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="pmtu-gif-ipsec.patch"
 
 --- sys/netinet/ip_input.c.orig	Wed Jan  4 10:18:01 2006
 +++ sys/netinet/ip_input.c	Wed Jan  4 10:39:35 2006
 @@ -1918,29 +1918,29 @@ ip_forward(struct mbuf *m, int srcrt)
  					}
  				}
  
  #ifdef IPSEC
  				key_freesp(sp);
  #else /* FAST_IPSEC */
  				KEY_FREESP(&sp);
  #endif
 -				ipstat.ips_cantfrag++;
 -				break;
 -			} else 
 +			}
  #endif /*IPSEC || FAST_IPSEC*/
 -		/*
 -		 * When doing source routing 'ia' can be NULL.  Fall back
 -		 * to the minimum guaranteed routeable packet size and use
 -		 * the same hack as IPSEC to setup a dummyifp for icmp.
 -		 */
 -		if (ia == NULL)
 -			mtu = IP_MSS;
 -		else
 -			mtu = ia->ia_ifp->if_mtu;
 +		if (!mtu) {
 +			/*
 +			 * When doing source routing 'ia' can be NULL.  Fall back
 +			 * to the minimum guaranteed routeable packet size and use
 +			 * the same hack as IPSEC to setup a dummyifp for icmp.
 +			 */
 +			if (ia == NULL)
 +				mtu = IP_MSS;
 +			else
 +				mtu = ia->ia_ifp->if_mtu;
 +		}
  #if defined(IPSEC) || defined(FAST_IPSEC)
  		}
  #endif /*IPSEC || FAST_IPSEC*/
  		ipstat.ips_cantfrag++;
  		break;
  
  	case ENOBUFS:
  		/*
 
 --------------070507060309070107090700--
 


More information about the freebsd-bugs mailing list