diff options
| author |   markus <markus@openbsd.org> | 2006-12-05 09:17:12 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2006-12-05 09:17:12 +0000 |
| commit | fafccbc33d848fd0c4831f8ca8723b77b549651f (patch) | |
| tree | 3f706cd2d6eff9e8603c69dc88a62f6997f27fa2 | |
| parent | do the proper dance to order libary dependencies, let modversion do (diff) | |
| download | wireguard-openbsd-fafccbc33d848fd0c4831f8ca8723b77b549651f.tar.xz wireguard-openbsd-fafccbc33d848fd0c4831f8ca8723b77b549651f.zip | |
do not install pmtu routes for transport mode SAs, as they do not
the dest IP; PMTU debugging support; ok hshoexer
| -rw-r--r-- | sys/netinet/ip_output.c | 13 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 10 | ||||
| -rw-r--r-- | sys/netinet/ipsec_output.c | 6 |
3 files changed, 25 insertions, 4 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 1df80f8c50b..46356b27166 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.183 2006/12/01 12:33:28 henning Exp $ */ +/* $OpenBSD: ip_output.c,v 1.184 2006/12/05 09:17:12 markus Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -602,20 +602,29 @@ sendit: tdb->tdb_mtutimeout > time_second) { struct rtentry *rt = NULL; int rt_mtucloned = 0; + int transportmode = 0; + transportmode = (tdb->tdb_dst.sa.sa_family == AF_INET) && + (tdb->tdb_dst.sin.sin_addr.s_addr == + ip->ip_dst.s_addr); icmp_mtu = tdb->tdb_mtu; splx(s); /* Find a host route to store the mtu in */ if (ro != NULL) rt = ro->ro_rt; - if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0) { + /* but don't add a PMTU route for transport mode SAs */ + if (transportmode) + rt = NULL; + else if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0) { struct sockaddr_in dst = { sizeof(struct sockaddr_in), AF_INET}; dst.sin_addr = ip->ip_dst; rt = icmp_mtudisc_clone((struct sockaddr *)&dst); rt_mtucloned = 1; } + DPRINTF(("ip_output: spi %08x mtu %d rt %p cloned %d\n", + ntohl(tdb->tdb_spi), icmp_mtu, rt, rt_mtucloned)); if (rt != NULL) { rt->rt_rmx.rmx_mtu = icmp_mtu; if (ro && ro->ro_rt != NULL) { diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index e00cf80b590..abdafdc066d 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.80 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.81 2006/12/05 09:17:12 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -864,6 +864,10 @@ ipsec_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto) tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = time_second + ip_mtudisc_timeout; + DPRINTF(("ipsec_common_ctlinput: " + "spi %08x mtu %d adjust %d\n", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, + adjust)); } splx(s); return (NULL); @@ -918,6 +922,10 @@ udpencap_ctlinput(int cmd, struct sockaddr *sa, void *v) tdbp->tdb_mtu = mtu - adjust; tdbp->tdb_mtutimeout = time_second + ip_mtudisc_timeout; + DPRINTF(("udpencap_ctlinput: " + "spi %08x mtu %d adjust %d\n", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, + adjust)); } } } diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 1e91a4997ac..b52b542cd01 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.34 2006/11/24 13:52:14 reyk Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.35 2006/12/05 09:17:12 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -550,6 +550,10 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32_t mtu) mtu -= adjust; tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = time_second + ip_mtudisc_timeout; + DPRINTF(("ipsec_adjust_mtu: " + "spi %08x mtu %d adjust %d mbuf %p\n", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, + adjust, m)); } splx(s); |