From 8da378abead2407ed0b10727b52cce22ef951bfc Mon Sep 17 00:00:00 2001
From: itojun
Date: Wed, 14 Jul 2004 03:06:08 +0000
Subject: [PATCH] - update ro_pmtu on IPsec tunnel encapsulation. ro != ro_pmtu is used as the sign for the existence of routing header. - fragment to 1280 on IPv6-over-IPv6 encapsulation, as ICMPv6 too big may not give you enough information to update pmtu cache. from iij seil team, via kame.
---
 sys/netinet6/ip6_output.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index d799943597d9..bb948a03b02b 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.84 2004/07/06 04:30:29 minoura Exp $ */
+/* $NetBSD: ip6_output.c,v 1.85 2004/07/14 03:06:08 itojun Exp $ */
 /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
 /*
@@ -62,7 +62,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.84 2004/07/06 04:30:29 minoura Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.85 2004/07/14 03:06:08 itojun Exp $");
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -505,7 +505,7 @@ skip_ipsec2:;
 error = ipsec6_output_tunnel(&state, sp, flags);
 m = state.m;
- ro = (struct route_in6 *)state.ro;
+ ro_pmtu = ro = (struct route_in6 *)state.ro;
 dst = (struct sockaddr_in6 *)state.dst;
 if (error) {
 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
@@ -721,6 +721,10 @@ skip_ipsec2:;
 if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, &alwaysfrag)) != 0)
 goto bad;
+#ifdef IPSEC
+ if (needipsectun)
+ mtu = IPV6_MMTU;
+#endif
 /*
 * The caller of this function may specify to use the minimum MTU
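Review bot: The new assignment `ro_pmtu = ro = (struct route_in6 *)state.ro;` in the `-505` hunk depends on an invariant that only the commit message states, namely that `ro != ro_pmtu` signals a routing header. A comment on that line, e.g. `/* keep ro_pmtu in step with ro; ro != ro_pmtu is read as "routing header present" */`, would stop a later edit from breaking it silently. Both pointers are set before the `if (error)` check, so confirm that `state.ro` is still usable on the error path. Also confirm that any later cleanup keyed on the old `ro_pmtu` value still releases the route it referred to; that code is not visible here. The enclosing function starts and ends outside the hunk.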
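Review bot: The `mtu = IPV6_MMTU;` override added after `ip6_getpmtu()` in the `-721` hunk has no comment, so the reason for discarding the discovered path MTU is recorded only in the commit message. I would add above the `#ifdef IPSEC`: `/* IPv6-over-IPv6 tunnel: ICMPv6 too big may not carry enough to update the pmtu cache, so always fragment at the minimum MTU */`. The assignment replaces the returned value rather than bounding it; `if (needipsectun && mtu > IPV6_MMTU)` would express it as an upper limit, although a value below 1280 is presumably not expected at this point. Every tunnelled packet larger than 1280 bytes will now be fragmented after encapsulation, so the peer must reassemble before IPsec input processing, and paths that filter IPv6 fragments will drop that traffic; both are worth confirming as acceptable. Where `needipsectun` is declared and set lies outside the hunk.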