const struct tnl_mutable_config *mutable,
const struct rtable *rt, __be16 *frag_offp)
{
+ bool df_inherit = mutable->flags & TNL_F_DF_INHERIT;
bool pmtud = mutable->flags & TNL_F_PMTUD;
- __be16 frag_off = 0;
+ __be16 frag_off = mutable->flags & TNL_F_DF_DEFAULT ? htons(IP_DF) : 0;
int mtu = 0;
unsigned int packet_length = skb->len - ETH_HLEN;
if (pmtud) {
int vlan_header = 0;
- frag_off = htons(IP_DF);
-
/* The tag needs to go in packet regardless of where it
* currently is, so subtract it from the MTU.
*/
if (skb->protocol == htons(ETH_P_IP)) {
struct iphdr *iph = ip_hdr(skb);
- frag_off |= iph->frag_off & htons(IP_DF);
+ if (df_inherit)
+ frag_off = iph->frag_off & htons(IP_DF);
if (pmtud && iph->frag_off & htons(IP_DF)) {
mtu = max(mtu, IP_MIN_MTU);
}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
else if (skb->protocol == htons(ETH_P_IPV6)) {
- /* IPv6 requires PMTUD if the packet is above the minimum MTU. */
- if (packet_length > IPV6_MIN_MTU)
+ /* IPv6 requires end hosts to do fragmentation
+ * if the packet is above the minimum MTU.
+ */
+ if (df_inherit && packet_length > IPV6_MIN_MTU)
frag_off = htons(IP_DF);
if (pmtud) {
ovs_be32 daddr = htonl(0);
uint32_t flags;
- flags = TNL_F_PMTUD | TNL_F_HDR_CACHE;
+ flags = TNL_F_DF_DEFAULT | TNL_F_PMTUD | TNL_F_HDR_CACHE;
if (!strcmp(type, "gre")) {
is_gre = true;
} else if (!strcmp(type, "ipsec_gre")) {
if (!strcmp(node->data, "true")) {
flags |= TNL_F_CSUM;
}
+ } else if (!strcmp(node->name, "df_inherit")) {
+ if (!strcmp(node->data, "true")) {
+ flags |= TNL_F_DF_INHERIT;
+ }
+ } else if (!strcmp(node->name, "df_default")) {
+ if (!strcmp(node->data, "false")) {
+ flags &= ~TNL_F_DF_DEFAULT;
+ }
} else if (!strcmp(node->name, "pmtud")) {
if (!strcmp(node->data, "false")) {
flags &= ~TNL_F_PMTUD;
if (flags & TNL_F_CSUM) {
smap_add(args, "csum", "true");
}
+ if (flags & TNL_F_DF_INHERIT) {
+ smap_add(args, "df_inherit", "true");
+ }
+ if (!(flags & TNL_F_DF_DEFAULT)) {
+ smap_add(args, "df_default", "false");
+ }
if (!(flags & TNL_F_PMTUD)) {
smap_add(args, "pmtud", "false");
}
adds value for the GRE and encapsulated Ethernet headers.
Default is disabled, set to <code>true</code> to enable.</dd>
</dl>
+ <dl>
+ <dt><code>df_inherit</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be copied
+ from the inner IP headers (those of the encapsulated traffic)
+ to the outer (tunnel) headers. Default is disabled; set to
+ <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>df_default</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be set by
+ default on tunnel headers if the <code>df_inherit</code> option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to <code>false</code> to disable.</dd>
+ </dl>
<dl>
<dt><code>pmtud</code></dt>
<dd>Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
+ ``ICMP Destination Unreachable - Fragmentation Needed''
messages will be generated for IPv4 packets with the DF bit set
and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
+ exceeds the path MTU minus the size of the tunnel headers.
Note that this option causes behavior that is typically
reserved for routers and therefore is not entirely in
compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to <code>false</code> to disable.</dd>
+ Default is enabled; set to <code>false</code> to disable.</dd>
</dl>
<dl>
<dt><code>header_cache</code></dt>
adds value for the GRE and encapsulated Ethernet headers.
Default is disabled, set to <code>true</code> to enable.</dd>
</dl>
+ <dl>
+ <dt><code>df_inherit</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be copied
+ from the inner IP headers (those of the encapsulated traffic)
+ to the outer (tunnel) headers. Default is disabled; set to
+ <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>df_default</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be set by
+ default on tunnel headers if the <code>df_inherit</code> option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to <code>false</code> to disable.</dd>
+ </dl>
<dl>
<dt><code>pmtud</code></dt>
<dd>Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
+ ``ICMP Destination Unreachable - Fragmentation Needed''
messages will be generated for IPv4 packets with the DF bit set
and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
+ exceeds the path MTU minus the size of the tunnel headers.
Note that this option causes behavior that is typically
reserved for routers and therefore is not entirely in
compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to <code>false</code> to disable.</dd>
+ Default is enabled; set to <code>false</code> to disable.</dd>
</dl>
</dd>
<dt><code>capwap</code></dt>
(otherwise it will be the system default, typically 64).
Default is the system default TTL.</dd>
</dl>
+ <dl>
+ <dt><code>df_inherit</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be copied
+ from the inner IP headers (those of the encapsulated traffic)
+ to the outer (tunnel) headers. Default is disabled; set to
+ <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>df_default</code></dt>
+ <dd>Optional. If enabled, the Don't Fragment bit will be set by
+ default on tunnel headers if the <code>df_inherit</code> option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to <code>false</code> to disable.</dd>
+ </dl>
<dl>
<dt><code>pmtud</code></dt>
<dd>Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
+ ``ICMP Destination Unreachable - Fragmentation Needed''
messages will be generated for IPv4 packets with the DF bit set
and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
+ exceeds the path MTU minus the size of the tunnel headers.
Note that this option causes behavior that is typically
reserved for routers and therefore is not entirely in
compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to <code>false</code> to disable.</dd>
+ Default is enabled; set to <code>false</code> to disable.</dd>
</dl>
<dl>
<dt><code>header_cache</code></dt>
projects / openvswitch / commitdiff