diff options
author | Ansis Atteka <aatteka@nicira.com> | 2013-09-18 15:29:53 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-10-13 16:08:30 -0700 |
commit | 68a9e707892caf0fda14656963fd99c6a1c10e46 (patch) | |
tree | ef96c22ea4cfc833ecdb25a234231f5d085d8d94 /net/ipv6 | |
parent | cd176b578d356844f68176a1e0b6346c1cc9e33d (diff) | |
download | linux-3.10-68a9e707892caf0fda14656963fd99c6a1c10e46.tar.gz linux-3.10-68a9e707892caf0fda14656963fd99c6a1c10e46.tar.bz2 linux-3.10-68a9e707892caf0fda14656963fd99c6a1c10e46.zip |
ip: generate unique IP identificator if local fragmentation is allowed
[ Upstream commit 703133de331a7a7df47f31fb9de51dc6f68a9de8 ]
If local fragmentation is allowed, then ip_select_ident() and
ip_select_ident_more() need to generate unique IDs to ensure
correct defragmentation on the peer.
For example, if IPsec (tunnel mode) has to encrypt large skbs
that have local_df bit set, then all IP fragments that belonged
to different ESP datagrams would have used the same identificator.
If one of these IP fragments would get lost or reordered, then
peer could possibly stitch together wrong IP fragments that did
not belong to the same datagram. This would lead to a packet loss
or data corruption.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/sit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 60df36d1539..bacc415287f 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -865,7 +865,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb, iph->ttl = iph6->hop_limit; skb->ip_summed = CHECKSUM_NONE; - ip_select_ident(iph, skb_dst(skb), NULL); + ip_select_ident(skb, skb_dst(skb), NULL); iptunnel_xmit(skb, dev); return NETDEV_TX_OK; |