[Openswan Users]
XFRM_STATE_NOPMTUDISC, was : MTU/DF problem with 2.6
Paul Wouters
paul at xelerance.com
Tue Feb 14 16:54:17 CET 2006
On Tue, 14 Feb 2006, Beschorner Daniel wrote:
> >OK, perhaps you can use the mtu lock option in ip route.
>
> Thank you Andy, I found a more general solution for the moment.
>
> Since 2.6.13 there seems to be a XFRM_STATE_NOPMTUDISC flag for this case.
> In net/ipv4/xfrm4_state.c I simply commented out the "if" line.
There must be a better way to enable it. A quick grep showed me:
./net/ipv4/xfrm4_output.c: top_iph->frag_off = (flags &
XFRM_STATE_NOPMTUDISC) ?
So isn't it supposed to be set when the DF bit is set?
> static int xfrm4_init_flags(struct xfrm_state *x)
> {
> /*if (ipv4_config.no_pmtu_disc)*/
> x->props.flags |= XFRM_STATE_NOPMTUDISC;
> return 0;
> }
>
> So only the tunnels are affected, normal pmtud works.
Perhaps this option can be exported to /proc/sys/net/ipv4/xfrm4_no_pmtu_disc ?
It definately seems useful to me to be able to disable PMTU on all IPsec
tunnels explicitely.
Herbert?
Paul
More information about the Users
mailing list