diff options
author | Neale Ranns <nranns@cisco.com> | 2019-03-28 08:56:10 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-03-29 11:10:33 +0000 |
commit | d7603d97e046d59aba6864b208c181b39fc72b52 (patch) | |
tree | ae68418e3987cf2e849df482e3aa3563f42b8f1c /src | |
parent | 74b7437bd118e104f50831f8a8f3cc8d10aa2530 (diff) |
IPSEC: tunnel fragmentation
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 10 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 3 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index c2069e52b33..82247697cba 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -563,6 +563,11 @@ VLIB_REGISTER_NODE (esp4_encrypt_tun_node) = { .n_errors = ARRAY_LEN(esp_encrypt_error_strings), .error_strings = esp_encrypt_error_strings, + + .n_next_nodes = 1, + .next_nodes = { + [ESP_ENCRYPT_NEXT_DROP] = "ip4-drop", + }, }; VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) = @@ -590,6 +595,11 @@ VLIB_REGISTER_NODE (esp6_encrypt_tun_node) = { .n_errors = ARRAY_LEN(esp_encrypt_error_strings), .error_strings = esp_encrypt_error_strings, + + .n_next_nodes = 1, + .next_nodes = { + [ESP_ENCRYPT_NEXT_DROP] = "ip6-drop", + }, }; VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) = diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 7d6c725e539..17f28a09ac8 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -352,6 +352,9 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, t->hw_if_index = hw_if_index; t->sw_if_index = hi->sw_if_index; + /* Standard default jumbo MTU. */ + vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000); + /* Add the new tunnel to the DB of tunnels per sw_if_index ... */ vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index, ~0); |