From d7603d97e046d59aba6864b208c181b39fc72b52 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Thu, 28 Mar 2019 08:56:10 +0000 Subject: IPSEC: tunnel fragmentation Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061 Signed-off-by: Neale Ranns --- src/vnet/ipsec/esp_encrypt.c | 10 ++++++++++ src/vnet/ipsec/ipsec_if.c | 3 +++ 2 files changed, 13 insertions(+) (limited to 'src') diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index c2069e52b33..82247697cba 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -563,6 +563,11 @@ VLIB_REGISTER_NODE (esp4_encrypt_tun_node) = { .n_errors = ARRAY_LEN(esp_encrypt_error_strings), .error_strings = esp_encrypt_error_strings, + + .n_next_nodes = 1, + .next_nodes = { + [ESP_ENCRYPT_NEXT_DROP] = "ip4-drop", + }, }; VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) = @@ -590,6 +595,11 @@ VLIB_REGISTER_NODE (esp6_encrypt_tun_node) = { .n_errors = ARRAY_LEN(esp_encrypt_error_strings), .error_strings = esp_encrypt_error_strings, + + .n_next_nodes = 1, + .next_nodes = { + [ESP_ENCRYPT_NEXT_DROP] = "ip6-drop", + }, }; VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) = diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 7d6c725e539..17f28a09ac8 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -352,6 +352,9 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, t->hw_if_index = hw_if_index; t->sw_if_index = hi->sw_if_index; + /* Standard default jumbo MTU. */ + vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000); + /* Add the new tunnel to the DB of tunnels per sw_if_index ... */ vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index, ~0); -- cgit 1.2.3-korg