By default we set the DF bit on tunneled packets because we want to
get path MTU discovery from the underlying network. In turn this
causes Linux to leave the IP ID as 0 because it believes that
fragmentation can never occur. However, with GRE fragmentation is
still possible because we may get a large packet to be encapsulated
and let the local IP stack do fragmentation. As long as packets are
kept in order fragments are not misassociated and everything works fine.
However, if there is reordering in the underlying network then packets
can become corrupted. This forces selection of an IP ID for GRE packets
to avoid misassociation.
Bug #6128
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
0));
/*
* Allow our local IP stack to fragment the outer packet even if the
- * DF bit is set as a last resort.
+ * DF bit is set as a last resort. We also need to force selection of
+ * an IP ID here because Linux will otherwise leave it at 0 if the
+ * packet originally had DF set.
*/
skb->local_df = 1;
+ __ip_select_ident(ip_hdr(skb), dst, 0);
return skb;
}