netfilter: nf_defrag_ipv4: Add sysctl to disable per interface

Add a sysctl nf_ipv4_defrag_skip to skip defragmentation per interface. This is set 0 to preserve existing behavior (always defrag per interface). This is useful for pure ipv4 forwarding scenarios (without NAT) in conjunction with xfrm. It appears that network stack defrags the packets and then forwards them to xfrm which then encrypts and then later fragments them on a different boundary compared to the source. CRs-Fixed: 2140310 Change-Id: I11956284a9692579274e8626f61cc6432232254c Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
author: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> 2017-11-05 17:36:53 -0700
committer: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> 2018-01-10 13:57:22 -0700
commit: 3ee7c157f796aac5c119669697e224eb4a0cf560 (patch)
tree: 15f9a753d4232431f20a3d178ddbdd71d2af70ba /kernel/sysctl_binary.c
parent: 1707cb3ff140dec01127669e1c88d5b850f272e4 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index 4a816bab38a2..d7612fcba10a 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -255,6 +255,7 @@ static const struct bin_table bin_net_ipv4_conf_vars_table[] = {
 	{ CTL_INT,	NET_IPV4_CONF_NOPOLICY,			"disable_policy" },
 	{ CTL_INT,	NET_IPV4_CONF_FORCE_IGMP_VERSION,	"force_igmp_version" },
 	{ CTL_INT,	NET_IPV4_CONF_PROMOTE_SECONDARIES,	"promote_secondaries" },
+	{ CTL_INT, NET_IPV4_CONF_NF_IPV4_DEFRAG_SKIP, "nf_ipv4_defrag_skip" },
 	{}
 };
author	Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>	2017-11-05 17:36:53 -0700
committer	Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>	2018-01-10 13:57:22 -0700
commit	3ee7c157f796aac5c119669697e224eb4a0cf560 (patch)
tree	15f9a753d4232431f20a3d178ddbdd71d2af70ba /kernel/sysctl_binary.c
parent	1707cb3ff140dec01127669e1c88d5b850f272e4 (diff)