From 192cf19b3a97871a508ad57ba5893d1719877f13 Mon Sep 17 00:00:00 2001
From: Alexander Heinlein
Date: Mon, 16 Jan 2017 14:48:25 +0100
Subject: [PATCH] ip/xfrm: Fix deleteall when having many policies installed
Fix "Policy buffer overflow" when trying to use deleteall with many
policies
On 01/17/2017 05:44 PM, Stephen Hemminger wrote:
> What happens when many many policies are installed?
> It looks like your patch would silently stop deleting.
> Does the the code flush all of them?
Yes, it flushes all of them. xfrm_policy_list_or_deleteall() performs
multiple rounds until there a
Fix "Policy buffer overflow" error when trying to use deleteall with
many policies installed.
Signed-off-by: Alexander Heinlein
---
ip/xfrm_policy.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index cc9c0f1..451b982 10
Hi,
I would like to know why ip_tunnel_ioctl() enforces the DF bit whenever
the tunnel device has a fixed TTL set. The same restriction is enforced
by iproute2 (iptunnel.c and link_iptnl.c).
Ideally I would like to use an IPIP tunnel with a fixed TTL but no DF
bit set. Otherwise for non-TCP packe
