ip: generate unique IP identificator if local fragmentation is allowed
[ Upstream commit 703133de ] If local fragmentation is allowed, then ip_select_ident() and ip_select_ident_more() need to generate unique IDs to ensure correct defragmentation on the peer. For example, if IPsec (tunnel mode) has to encrypt large skbs that have local_df bit set, then all IP fragments that belonged to different ESP datagrams would have used the same identificator. If one of these IP fragments would get lost or reordered, then peer could possibly stitch together wrong IP fragments that did not belong to the same datagram. This would lead to a packet loss or data corruption. Signed-off-by:Ansis Atteka <aatteka@nicira.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing
- drivers/net/pptp.c 1 addition, 1 deletiondrivers/net/pptp.c
- include/net/ip.h 8 additions, 4 deletionsinclude/net/ip.h
- include/net/ipip.h 1 addition, 1 deletioninclude/net/ipip.h
- net/ipv4/igmp.c 2 additions, 2 deletionsnet/ipv4/igmp.c
- net/ipv4/inetpeer.c 2 additions, 2 deletionsnet/ipv4/inetpeer.c
- net/ipv4/ip_output.c 3 additions, 3 deletionsnet/ipv4/ip_output.c
- net/ipv4/ipmr.c 1 addition, 1 deletionnet/ipv4/ipmr.c
- net/ipv4/raw.c 1 addition, 1 deletionnet/ipv4/raw.c
- net/ipv4/xfrm4_mode_tunnel.c 1 addition, 1 deletionnet/ipv4/xfrm4_mode_tunnel.c
- net/netfilter/ipvs/ip_vs_xmit.c 1 addition, 1 deletionnet/netfilter/ipvs/ip_vs_xmit.c
Loading
Please register or sign in to comment