Message ID | F2E313A0-60C5-49DE-BBB7-BAEF532C0433@ipflavors.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Romain KUNTZ <r.kuntz@ipflavors.com> Date: Wed, 16 Jan 2013 23:47:40 +0100 > Commit 299b0767 (ipv6: Fix IPsec slowpath fragmentation problem) > has introduced a error in the header length calculation that > provokes corrupted packets when non-fragmentable extensions > headers (Destination Option or Routing Header Type 2) are used. > > rt->rt6i_nfheader_len is the length of the non-fragmentable > extension header, and it should be substracted to > rt->dst.header_len, and not to exthdrlen, as it was done before > commit 299b0767. > > This patch reverts to the original and correct behavior. It has > been successfully tested with and without IPsec on packets > that include non-fragmentable extensions headers. > > Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com> > Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 5552d13..0c7c03d 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1213,10 +1213,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, if (dst_allfrag(rt->dst.path)) cork->flags |= IPCORK_ALLFRAG; cork->length = 0; - exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len; + exthdrlen = (opt ? opt->opt_flen : 0); length += exthdrlen; transhdrlen += exthdrlen; - dst_exthdrlen = rt->dst.header_len; + dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; } else { rt = (struct rt6_info *)cork->dst; fl6 = &inet->cork.fl.u.ip6;