diff options
| author |   Hannes Frederic Sowa <hannes@stressinduktion.org> | 2014-01-09 10:01:16 +0100 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2014-01-13 11:22:54 -0800 |
| commit | 0954cf9c6141d597929a292b93a2dca2c1f29159 (patch) | |
| tree | acdc5ca06a9eda83c5094254fd6bfd67cbe9bdc5 /net/dccp/ipv4.c | |
| parent | ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing (diff) | |
| download | linux-dev-0954cf9c6141d597929a292b93a2dca2c1f29159.tar.xz linux-dev-0954cf9c6141d597929a292b93a2dca2c1f29159.zip | |
ipv6: introduce ip6_dst_mtu_forward and protect forwarding path with it
In the IPv6 forwarding path we are only concerend about the outgoing
interface MTU, but also respect locked MTUs on routes. Tunnel provider
or IPSEC already have to recheck and if needed send PtB notifications
to the sending host in case the data does not fit into the packet with
added headers (we only know the final header sizes there, while also
using path MTU information).
The reason for this change is, that path MTU information can be injected
into the kernel via e.g. icmp_err protocol handler without verification
of local sockets. As such, this could cause the IPv6 forwarding path to
wrongfully emit Packet-too-Big errors and drop IPv6 packets.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>
Cc: John Heffner <johnwheffner@gmail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/dccp/ipv4.c')
0 files changed, 0 insertions, 0 deletions