[Openswan Users] Re: XFRM_STATE_NOPMTUDISC, was : MTU/DF problem with 2.6

Wed Feb 15 17:11:56 CET 2006

>It's available in the kernel as a per-state flag so someone can
>write up a patch for Openswan and make it a per-connection (or global)
>flag.

I use it now this way so I have no need to change the kernel.

Daniel

-------------- next part --------------
diff -uprN openswan-2.4.5rc5/programs/pluto/kernel_netlink.c openswan-2.4.5rc5-2/programs/pluto/kernel_netlink.c

--- openswan-2.4.5rc5/programs/pluto/kernel_netlink.c	2005-11-13 15:59:57.000000000 +0100
+++ openswan-2.4.5rc5-2/programs/pluto/kernel_netlink.c	2006-02-15 16:39:36.000000000 +0100
@@ -595,6 +595,7 @@ netlink_add_sa(const struct kernel_sa *s
     req.p.lft.soft_packet_limit = XFRM_INF;
     req.p.lft.hard_byte_limit = XFRM_INF;
     req.p.lft.hard_packet_limit = XFRM_INF;
+    req.p.flags = XFRM_STATE_NOPMTUDISC;
 
     req.n.nlmsg_len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(req.p)));
 
diff -uprN openswan-2.4.5rc5/programs/pluto/linux26/xfrm.h openswan-2.4.5rc5-2/programs/pluto/linux26/xfrm.h
--- openswan-2.4.5rc5/programs/pluto/linux26/xfrm.h	2003-09-02 03:14:07.000000000 +0200
+++ openswan-2.4.5rc5-2/programs/pluto/linux26/xfrm.h	2006-02-15 16:43:34.000000000 +0100
@@ -170,6 +170,8 @@ struct xfrm_usersa_info {
 	uint8_t				replay_window;
 	uint8_t				flags;
 #define XFRM_STATE_NOECN	1
+#define XFRM_STATE_DECAP_DSCP	2
+#define XFRM_STATE_NOPMTUDISC	4
 };
 
 struct xfrm_usersa_id {
