ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH

Currently we update the pmtu in the IPsec protocol error handlers if icmpv6 message type is either ICMPV6_DEST_UNREACH or ICMPV6_PKT_TOOBIG. Updating the pmtu on ICMPV6_DEST_UNREACH is wrong in any case, it causes strangely fragmented packets. Only ICMPV6_PKT_TOOBIG signalizes pmtu discovery, so remove the ICMPV6_DEST_UNREACH check in the IPsec protocol error handlers. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Steffen Klassert <steffen.klassert@secunet.com> 2013-09-10 13:43:09 +0200
committer: Steffen Klassert <steffen.klassert@secunet.com> 2013-09-16 09:45:32 +0200
commit: b3b2b9e192d5811f91f9cd92aeec489cecabc92e (patch)
tree: f5d068cf99b4ba7d3d650bd35d2fa5c9b2a7bcf6 /net/ipv6/ah6.c
parent: bafd4bd4dcfa13145db7f951251eef3e10f8c278 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 73784c3d4642..82e1da3a40b9 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -618,8 +618,7 @@ static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 	struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset);
 	struct xfrm_state *x;
 
-	if (type != ICMPV6_DEST_UNREACH &&
-	    type != ICMPV6_PKT_TOOBIG &&
+	if (type != ICMPV6_PKT_TOOBIG &&
 	    type != NDISC_REDIRECT)
 		return;
author	Steffen Klassert <steffen.klassert@secunet.com>	2013-09-10 13:43:09 +0200
committer	Steffen Klassert <steffen.klassert@secunet.com>	2013-09-16 09:45:32 +0200
commit	b3b2b9e192d5811f91f9cd92aeec489cecabc92e (patch)
tree	f5d068cf99b4ba7d3d650bd35d2fa5c9b2a7bcf6 /net/ipv6/ah6.c
parent	bafd4bd4dcfa13145db7f951251eef3e10f8c278 (diff)