tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
ipsec 2022-06-01

1) Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
From Michal Kubecek.

2) Don't set IPv4 DF bit when encapsulating IPv6 frames below 1280 bytes.
From Maciej Żenczykowski.

* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
xfrm: do not set IPv4 DF flag when encapsulating IPv6 frames <= 1280 bytes.
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
====================

Link: https://lore.kernel.org/r/20220601103349.2297361-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski 2440d206 38a4762e

+8 -5
+6 -4
net/key/af_key.c
··· 2826 2826 void *ext_hdrs[SADB_EXT_MAX]; 2827 2827 int err; 2828 2828 2829 - err = pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, 2830 - BROADCAST_PROMISC_ONLY, NULL, sock_net(sk)); 2831 - if (err) 2832 - return err; 2829 + /* Non-zero return value of pfkey_broadcast() does not always signal 2830 + * an error and even on an actual error we may still want to process 2831 + * the message so rather ignore the return value. 2832 + */ 2833 + pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, 2834 + BROADCAST_PROMISC_ONLY, NULL, sock_net(sk)); 2833 2835 2834 2836 memset(ext_hdrs, 0, sizeof(ext_hdrs)); 2835 2837 err = parse_exthdrs(skb, hdr, ext_hdrs);
+2 -1
net/xfrm/xfrm_output.c
··· 273 273 */ 274 274 static int xfrm4_tunnel_encap_add(struct xfrm_state *x, struct sk_buff *skb) 275 275 { 276 + bool small_ipv6 = (skb->protocol == htons(ETH_P_IPV6)) && (skb->len <= IPV6_MIN_MTU); 276 277 struct dst_entry *dst = skb_dst(skb); 277 278 struct iphdr *top_iph; 278 279 int flags; ··· 304 303 if (flags & XFRM_STATE_NOECN) 305 304 IP_ECN_clear(top_iph); 306 305 307 - top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? 306 + top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) || small_ipv6 ? 308 307 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); 309 308 310 309 top_iph->ttl = ip4_dst_hoplimit(xfrm_dst_child(dst));