On 2018-04-27 20:18, David Ahern wrote:
On 4/27/18 5:02 AM, Ashwanth Goli wrote:
On 2018-04-26 17:21, Paolo Abeni wrote:
Hi,
[fixed CC list]
On Wed, 2018-04-25 at 21:43 +0530, Ashwanth Goli wrote:
Hi Pablo,
Actually I'm Paolo, but yours is a recurring mistake ;)
I am noticing an issue similar to the one reported by Alexis Perez
[Regression for ip6-in-ip4 IPsec tunnel in 4.14.16]
In my IPsec setup outer MTU is set to 1280, ip6_setup_cork sees an
MTU
less than IPV6_MIN_MTU because of the tunnel headers. -EINVAL is
being
returned as a result of the MTU check that got added with below
patch.
If you know you are running ipsec over the link why are you setting the
outer MTU to 1280? RFC 2460 suggests the fragmentation of packets for
links with MTU < 1280 should be done below the IPv6 layer:
5. Packet Size Issues
IPv6 requires that every link in the internet have an MTU of 1280
octets or greater. On any link that cannot convey a 1280-octet
packet in one piece, link-specific fragmentation and reassembly must
be provided at a layer below IPv6.
Links that have a configurable MTU (for example, PPP links [RFC-
1661]) must be configured to have an MTU of at least 1280 octets; it
is recommended that they be configured with an MTU of 1500 octets or
greater, to accommodate possible encapsulations (i.e., tunneling)
without incurring IPv6-layer fragmentation.
But is this not breaking point (b) from section 7.1 of RFC2473 since the
inner packet can be smaller than 1280.
https://tools.ietf.org/html/rfc2473#section-7.1
