IPSEC: tunnel fragmentation
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index c2069e5..8224769 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -563,6 +563,11 @@
.n_errors = ARRAY_LEN(esp_encrypt_error_strings),
.error_strings = esp_encrypt_error_strings,
+
+ .n_next_nodes = 1,
+ .next_nodes = {
+ [ESP_ENCRYPT_NEXT_DROP] = "ip4-drop",
+ },
};
VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) =
@@ -590,6 +595,11 @@
.n_errors = ARRAY_LEN(esp_encrypt_error_strings),
.error_strings = esp_encrypt_error_strings,
+
+ .n_next_nodes = 1,
+ .next_nodes = {
+ [ESP_ENCRYPT_NEXT_DROP] = "ip6-drop",
+ },
};
VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) =
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 7d6c725..17f28a0 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -352,6 +352,9 @@
t->hw_if_index = hw_if_index;
t->sw_if_index = hi->sw_if_index;
+ /* Standard default jumbo MTU. */
+ vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
/* Add the new tunnel to the DB of tunnels per sw_if_index ... */
vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
~0);