git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Steffen Klassert <steffen.klassert@secunet.com>
	Thu, 24 Jul 2008 06:55:40 +0000 (23:55 -0700)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Mon, 28 Jul 2008 17:58:18 +0000 (10:58 -0700)
commit	b5fe255cb6adab0cfe9826ce792d0f866323b269
tree	0702554080de95ca1c02f8d058a5a233eef6d502	tree \| snapshot
parent	2377f8ce84aa89678c51cb764337d2f2e1133835	commit \| diff

xfrm: fix fragmentation for ipv4 xfrm tunnel

[ Upstream commit fe833fca2eac6b3d3ad5e35f44ad4638362f1da8 ]

When generating the ip header for the transformed packet we just copy
the frag_off field of the ip header from the original packet to the ip
header of the new generated packet. If we receive a packet as a chain
of fragments, all but the last of the new generated packets have the
IP_MF flag set. We have to mask the frag_off field to only keep the
IP_DF flag from the original packet. This got lost with git commit
36cf9acf93e8561d9faec24849e57688a81eb9c5 ("[IPSEC]: Separate
inner/outer mode processing on output")

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>