aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-03-28 08:56:10 +0000
committerDamjan Marion <dmarion@me.com>2019-03-29 11:10:33 +0000
commitd7603d97e046d59aba6864b208c181b39fc72b52 (patch)
treeae68418e3987cf2e849df482e3aa3563f42b8f1c /src/vnet/ipsec
parent74b7437bd118e104f50831f8a8f3cc8d10aa2530 (diff)
IPSEC: tunnel fragmentation
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c10
-rw-r--r--src/vnet/ipsec/ipsec_if.c3
2 files changed, 13 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index c2069e52b33..82247697cba 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -563,6 +563,11 @@ VLIB_REGISTER_NODE (esp4_encrypt_tun_node) = {
.n_errors = ARRAY_LEN(esp_encrypt_error_strings),
.error_strings = esp_encrypt_error_strings,
+
+ .n_next_nodes = 1,
+ .next_nodes = {
+ [ESP_ENCRYPT_NEXT_DROP] = "ip4-drop",
+ },
};
VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) =
@@ -590,6 +595,11 @@ VLIB_REGISTER_NODE (esp6_encrypt_tun_node) = {
.n_errors = ARRAY_LEN(esp_encrypt_error_strings),
.error_strings = esp_encrypt_error_strings,
+
+ .n_next_nodes = 1,
+ .next_nodes = {
+ [ESP_ENCRYPT_NEXT_DROP] = "ip6-drop",
+ },
};
VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) =
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 7d6c725e539..17f28a09ac8 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -352,6 +352,9 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
t->hw_if_index = hw_if_index;
t->sw_if_index = hi->sw_if_index;
+ /* Standard default jumbo MTU. */
+ vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
/* Add the new tunnel to the DB of tunnels per sw_if_index ... */
vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
~0);