From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Steffen Klassert <steffen.klassert@secunet.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Subject: [patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel
Date: Fri, 25 Jul 2008 16:07:36 -0700 [thread overview]
Message-ID: <20080725230736.GI1612@suse.de> (raw)
In-Reply-To: <20080725230644.GA1612@suse.de>
[-- Attachment #1: 0008-xfrm-fix-fragmentation-for-ipv4-xfrm-tunnel.patch --]
[-- Type: text/plain, Size: 1468 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Steffen Klassert <steffen.klassert@secunet.com>
[ Upstream commit fe833fca2eac6b3d3ad5e35f44ad4638362f1da8 ]
When generating the ip header for the transformed packet we just copy
the frag_off field of the ip header from the original packet to the ip
header of the new generated packet. If we receive a packet as a chain
of fragments, all but the last of the new generated packets have the
IP_MF flag set. We have to mask the frag_off field to only keep the
IP_DF flag from the original packet. This got lost with git commit
36cf9acf93e8561d9faec24849e57688a81eb9c5 ("[IPSEC]: Separate
inner/outer mode processing on output")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/ipv4/xfrm4_mode_tunnel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -52,7 +52,7 @@ static int xfrm4_mode_tunnel_output(stru
IP_ECN_clear(top_iph);
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
- 0 : XFRM_MODE_SKB_CB(skb)->frag_off;
+ 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
ip_select_ident(top_iph, dst->child, NULL);
top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
--
next prev parent reply other threads:[~2008-07-25 23:13 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080725225425.193966072@mini.kroah.org>
2008-07-25 23:06 ` [patch 0/9] 2.6.25-stable review Greg KH
2008-07-25 23:07 ` [patch 1/9] hdlcdrv: Fix CRC calculation Greg KH
2008-07-25 23:07 ` [patch 2/9] ipv6: __KERNEL__ ifdef struct ipv6_devconf Greg KH
2008-07-25 23:07 ` [patch 3/9] ipv6: use timer pending Greg KH
2008-07-25 23:07 ` [patch 4/9] l2tp: Fix potential memory corruption in pppol2tp_recvmsg() Greg KH
2008-07-25 23:07 ` [patch 5/9] net pppoe: Check packet length on all receive paths Greg KH
2008-07-25 23:07 ` [patch 6/9] pppoe: Unshare skb before anything else Greg KH
2008-07-25 23:07 ` [patch 7/9] raw: Restore /proc/net/raw correct behavior Greg KH
2008-07-25 23:07 ` Greg KH [this message]
2008-07-25 23:07 ` [patch 9/9] udplite: Protection against coverage value wrap-around Greg KH
2008-07-26 2:54 ` [patch 0/9] 2.6.25-stable review Grant Coady
2008-07-26 3:44 ` Greg KH
2008-07-26 4:07 ` Richard A Nelson
2008-07-26 5:08 ` [stable] " Greg KH
2008-07-26 6:27 ` Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080725230736.GI1612@suse.de \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.