2013-10-02 22:23:27

by Oussama Ghorbel

Subject: Fwd: The check of upper MTU limit when changing it in ip6 gre tunnel seems incorrect.

The check of upper MTU limit when changing it in ip6 gre tunnel seems incorrect.
The function in question is:

static int ip6gre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
{
	struct ip6_tnl *tunnel = netdev_priv(dev);

	if (new_mtu < 68 ||
	    new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen)
		return -EINVAL;
	dev->mtu = new_mtu;
	return 0;
}

However, dev->hard_header_len and tunnel->hlen are initialized in
the following way in ip6gre_tnl_link_config():

int addend = sizeof(struct ipv6hdr) + 4;
...
dev->hard_header_len = rt->dst.dev->hard_header_len + addend;
...
t->hlen = addend; // t is ip6_tnl pointer

As you can see, the information in t->hlen is already included in
dev->hard_header_len, so why calculate it twice?

Thanks
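
The arithmetic behind the question above, as an added user-space model (not part of the original message and not kernel code): it mirrors the two quoted assignments and the posted check, then compares the resulting upper bound with a bound that subtracts the addend only once. The model_* names, max_mtu_counted_once() and the 14-byte Ethernet lower device are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40 /* sizeof(struct ipv6hdr) */
#define GRE_BASE_LEN 4  /* the "+ 4" in addend */
#define LOWER_HLEN   14 /* assumption: Ethernet underlying device */

/* Minimal stand-ins for struct net_device and struct ip6_tnl (model only). */
struct model_dev { unsigned short hard_header_len; int mtu; };
struct model_tnl { int hlen; };

/* Mirrors the assignments quoted from ip6gre_tnl_link_config(). */
static void model_link_config(struct model_dev *dev, struct model_tnl *t, int lower_hlen)
{
	int addend = IPV6_HDR_LEN + GRE_BASE_LEN;
	dev->hard_header_len = (unsigned short)(lower_hlen + addend);
	t->hlen = addend;
}

/* Upper bound exactly as written in the posted ip6gre_tunnel_change_mtu(). */
static int max_mtu_as_posted(const struct model_dev *dev, const struct model_tnl *t)
{
	return 0xFFF8 - dev->hard_header_len - t->hlen;
}

/* Hypothetical bound for comparison: the addend is subtracted once only. */
static int max_mtu_counted_once(const struct model_dev *dev)
{
	return 0xFFF8 - dev->hard_header_len;
}

/* The posted check, applied to the model structures. */
static int model_change_mtu(struct model_dev *dev, const struct model_tnl *t, int new_mtu)
{
	if (new_mtu < 68 || new_mtu > max_mtu_as_posted(dev, t))
		return -EINVAL;
	dev->mtu = new_mtu;
	return 0;
}

int main(void)
{
	struct model_dev dev = {0, 1500};
	struct model_tnl t = {0};
	model_link_config(&dev, &t, LOWER_HLEN);
	printf("as posted: %d, counted once: %d\n", max_mtu_as_posted(&dev, &t), max_mtu_counted_once(&dev));
	printf("change_mtu(65427) -> %d\n", model_change_mtu(&dev, &t, 65427));
	return 0;
}
```

With these assumed values the two bounds differ by exactly t->hlen, so the posted check returns -EINVAL for the 44 MTU values just above its limit.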