| Message ID | 20220808112738.1908633-1-gert@greenie.muc.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [Openvpn-devel] Ensure outer IPv6 (proto udp6) packets can be fragmitted on sending. | expand |
Hi, On Mon, Aug 08, 2022 at 01:27:38PM +0200, Gert Doering wrote: > If the inside packet is fragmented already, Linux kernel hands us > packets with skb->ignore_df=0. Since this is applied to the encapsulated > packet, the kernel will then refuse to fragment the resulting UDP/IPv6 > packet (for IPv4, it seems to look at the actual DF bit, which does > not exist for IPv6). > > Always set ignore_df=1 in the udp6 output path. > > Fixes t_client tests with "ping -s 3000" across UDP6 tunnels. For the sake of the archives, this made it in into the ovpn-dco repo in slightly modified form, as commit 3ba6c07ababd4d491c77f5327f8105bead6ddccc (HEAD -> master, origin/master, origin/HEAD) Author: Gert Doering <gert@greenie.muc.de> Date: Mon Aug 8 13:27:38 2022 +0200 ovpn-dco: ensure outer IPv6 (proto udp6) packets can be fragmitted on sending so, closing on patchwork. Thanks, Antonio. gert
diff --git a/drivers/net/ovpn-dco/udp.c b/drivers/net/ovpn-dco/udp.c index 4c54068..9416338 100644 --- a/drivers/net/ovpn-dco/udp.c +++ b/drivers/net/ovpn-dco/udp.c @@ -215,6 +215,9 @@ static int ovpn_udp6_output(struct ovpn_struct *ovpn, struct ovpn_bind *bind, dst_cache_set_ip6(cache, dst, &fl.saddr); transmit: + /* always permit openvpn-created packets to be (outside) fragmented */ + skb->ignore_df = 1; + udp_tunnel6_xmit_skb(dst, sk, skb, skb->dev, &fl.saddr, &fl.daddr, 0, ip6_dst_hoplimit(dst), 0, fl.fl6_sport, fl.fl6_dport, udp_get_no_check6_tx(sk));
If the inside packet is fragmented already, Linux kernel hands us packets with skb->ignore_df=0. Since this is applied to the encapsulated packet, the kernel will then refuse to fragment the resulting UDP/IPv6 packet (for IPv4, it seems to look at the actual DF bit, which does not exist for IPv6). Always set ignore_df=1 in the udp6 output path. Fixes t_client tests with "ping -s 3000" across UDP6 tunnels. Signed-off-by: Gert Doering <gert@greenie.muc.de> --- drivers/net/ovpn-dco/udp.c | 3 +++ 1 file changed, 3 insertions(+)