diff options
| author |   Antonio Quartulli <antonio@openvpn.net> | 2025-05-06 01:05:01 +0200 |
|---|---|---|
| committer | Antonio Quartulli <antonio@openvpn.net> | 2025-05-15 13:09:36 +0200 |
| commit | 4e51141f1dce46189b347e59d008b7ca01044bf5 (patch) | |
| tree | 9d216c85bbefd302095ac250bcdd946940bd63fd /scripts/gdb/linux/interrupts.py | |
| parent | MAINTAINERS: update git URL for ovpn (diff) | |
| download | wireguard-linux-4e51141f1dce46189b347e59d008b7ca01044bf5.tar.xz wireguard-linux-4e51141f1dce46189b347e59d008b7ca01044bf5.zip | |
ovpn: set skb->ignore_df = 1 before sending IPv6 packets out
IPv6 user packets (sent over the tunnel) may be larger than
the outgoing interface MTU after encapsulation.
When this happens ovpn should allow the kernel to fragment
them because they are "locally generated".
To achieve the above, we must set skb->ignore_df = 1
so that ip6_fragment() can be made aware of this decision.
Failing to do so will result in ip6_fragment() dropping
the packet thinking it was "routed".
No change is required in the IPv4 path, because when
calling udp_tunnel_xmit_skb() we already pass the
'df' argument set to 0, therefore the resulting datagram
is allowed to be fragmented if need be.
Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)")
Reported-by: Gert Doering <gert@greenie.muc.de>
Closes: https://github.com/OpenVPN/ovpn-net-next/issues/3
Tested-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de> # as primary user
Link: https://mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31577.html
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions