The check of upper MTU limit when changing it in ip6 gre tunnel seems incorrect.
The function in question is:
static int ip6gre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
{
struct ip6_tnl *tunnel = netdev_priv(dev);
if (new_mtu < 68 ||
new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen)
return -EINVAL;
dev->mtu = new_mtu;
return 0;
}
However the dev->hard_header_len and tunnel->hlen are initialized in
the following way in ip6gre_tnl_link_config():
int addend = sizeof(struct ipv6hdr) + 4;
...
dev->hard_header_len = rt->dst.dev->hard_header_len + addend;
...
t->hlen = addend; // t is ip6_tnl pointer
As you see the information t->hlen is already included in
dev->hard_header_len, so why calculate it twice?
Thanks