vti6: Fix dev->max_mtu setting

We shouldn't allow a tunnel to have IP_MAX_MTU as MTU, because
another IPv6 header is going on top of our packets. Without this
patch, we might end up building packets bigger than IP_MAX_MTU.

Fixes: b96f9afee4eb ("ipv4/6: use core net MTU range checking")
Signed-off-by: Stefano Brivio <[email protected]>
Acked-by: Sabrina Dubroca <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 971175142e14df5b0cc8f89e020c81cb7e5fbfa9..ce18cd20389dca77418301250fb02056bde54822 100644 (file)
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -879,7 +879,7 @@ static void vti6_dev_setup(struct net_device *dev)
 
        dev->type = ARPHRD_TUNNEL6;
        dev->min_mtu = IPV6_MIN_MTU;
-       dev->max_mtu = IP_MAX_MTU;
+       dev->max_mtu = IP_MAX_MTU - sizeof(struct ipv6hdr);
        dev->flags |= IFF_NOARP;
        dev->addr_len = sizeof(struct in6_addr);
        netif_keep_dst(dev);