From mboxrd@z Thu Jan 1 00:00:00 1970 From: David L Stevens Subject: [PATCH] fragment locally-generated IPsec6 packets that need it Date: Mon, 13 Dec 2010 12:19:31 -0800 Message-ID: <1292271571.8593.9.camel@w-dls.beaverton.ibm.com> Reply-To: dlstevens@us.ibm.com Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org To: herbert@gondor.apana.org.au, davem@davemloft.net Return-path: Received: from e7.ny.us.ibm.com ([32.97.182.137]:41468 "EHLO e7.ny.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755018Ab0LMUTf (ORCPT ); Mon, 13 Dec 2010 15:19:35 -0500 Received: from d01dlp02.pok.ibm.com (d01dlp02.pok.ibm.com [9.56.224.85]) by e7.ny.us.ibm.com (8.14.4/8.13.1) with ESMTP id oBDK1nvH003078 for ; Mon, 13 Dec 2010 15:01:49 -0500 Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 61DF64DE803B for ; Mon, 13 Dec 2010 15:17:31 -0500 (EST) Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id oBDKJXGC455358 for ; Mon, 13 Dec 2010 15:19:33 -0500 Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id oBDKJXSq011151 for ; Mon, 13 Dec 2010 13:19:33 -0700 Sender: netdev-owner@vger.kernel.org List-ID: This patch modifies IPsec6 to fragment IPv6 packets that are locally generated as needed. Signed-off-by: David L Stevens diff -ruNp linux-2.6.36-rc8/include/net/ip6_route.h linux-2.6.36-rc8DLS/include/net/ip6_route.h --- linux-2.6.36-rc8/include/net/ip6_route.h 2010-10-14 16:26:43.000000000 -0700 +++ linux-2.6.36-rc8DLS/include/net/ip6_route.h 2010-12-12 09:22:48.582141401 -0800 @@ -164,5 +164,15 @@ static inline int ipv6_unicast_destinati return rt->rt6i_flags & RTF_LOCAL; } +int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); + +static inline int ip6_skb_dst_mtu(struct sk_buff *skb) +{ + struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; + + return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ? + skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb)); +} + #endif #endif diff -ruNp linux-2.6.36-rc8/net/ipv6/ip6_output.c linux-2.6.36-rc8DLS/net/ipv6/ip6_output.c --- linux-2.6.36-rc8/net/ipv6/ip6_output.c 2010-10-14 16:26:43.000000000 -0700 +++ linux-2.6.36-rc8DLS/net/ipv6/ip6_output.c 2010-12-12 09:24:25.377740025 -0800 @@ -56,7 +56,7 @@ #include #include -static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); +int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); int __ip6_local_out(struct sk_buff *skb) { @@ -145,14 +145,6 @@ static int ip6_finish_output2(struct sk_ return -EINVAL; } -static inline int ip6_skb_dst_mtu(struct sk_buff *skb) -{ - struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; - - return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ? - skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb)); -} - static int ip6_finish_output(struct sk_buff *skb) { if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || @@ -601,7 +593,7 @@ int ip6_find_1stfragopt(struct sk_buff * return offset; } -static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) +int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) { struct sk_buff *frag; struct rt6_info *rt = (struct rt6_info*)skb_dst(skb); @@ -874,6 +866,8 @@ fail: return err; } +EXPORT_SYMBOL_GPL(ip6_fragment); + static inline int ip6_rt_check(struct rt6key *rt_key, struct in6_addr *fl_addr, struct in6_addr *addr_cache) diff -ruNp linux-2.6.36-rc8/net/ipv6/xfrm6_output.c linux-2.6.36-rc8DLS/net/ipv6/xfrm6_output.c --- linux-2.6.36-rc8/net/ipv6/xfrm6_output.c 2010-10-14 16:26:43.000000000 -0700 +++ linux-2.6.36-rc8DLS/net/ipv6/xfrm6_output.c 2010-12-12 09:30:21.019560623 -0800 @@ -17,6 +17,7 @@ #include #include #include +#include #include int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, @@ -88,8 +89,17 @@ static int xfrm6_output_finish(struct sk return xfrm_output(skb); } -int xfrm6_output(struct sk_buff *skb) +static int __xfrm6_output(struct sk_buff *skb) { return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, skb_dst(skb)->dev, xfrm6_output_finish); } + +int xfrm6_output(struct sk_buff *skb) +{ + if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || + dst_allfrag(skb_dst(skb))) { + return ip6_fragment(skb, __xfrm6_output); + } + return __xfrm6_output(skb); +}