From: Steffen Klassert <steffen.klassert@secunet.com>
To: <netdev@vger.kernel.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
Christophe Gouault <christophe.gouault@6wind.com>
Subject: [PATCH RFC v4 10/12] vti4: Support inter address family tunneling.
Date: Fri, 14 Feb 2014 09:30:18 +0100 [thread overview]
Message-ID: <1392366620-31923-11-git-send-email-steffen.klassert@secunet.com> (raw)
In-Reply-To: <1392366620-31923-1-git-send-email-steffen.klassert@secunet.com>
With this patch we can tunnel ipv6 traffic via a vti4
interface. A vti4 interface can now have an ipv6 address
and ipv6 traffic can be routed via a vti4 interface.
The resulting traffic is xfrm transformed and tunneled
throuhg ipv4 if matching IPsec policies and states are
present.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv4/ip_vti.c | 48 ++++++++++++++++++++++++++++++++++--------------
1 file changed, 34 insertions(+), 14 deletions(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 0dc341d..9369b7c 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -34,6 +34,7 @@
#include <linux/init.h>
#include <linux/netfilter_ipv4.h>
#include <linux/if_ether.h>
+#include <linux/icmpv6.h>
#include <net/sock.h>
#include <net/ip.h>
@@ -122,31 +123,21 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
return 0;
}
-/* This function assumes it is being called from dev_queue_xmit()
- * and that skb is filled properly by that function.
- */
-static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
+ struct flowi *fl)
{
struct ip_tunnel *tunnel = netdev_priv(dev);
struct dst_entry *dst = skb_dst(skb);
struct net_device *tdev; /* Device to other host */
- struct flowi fl;
int err;
- if (skb->protocol != htons(ETH_P_IP))
- goto tx_error;
-
- memset(&fl, 0, sizeof(fl));
- skb->mark = be32_to_cpu(tunnel->parms.o_key);
- xfrm_decode_session(skb, &fl, AF_INET);
-
if (!dst) {
dev->stats.tx_carrier_errors++;
goto tx_error_icmp;
}
dst_hold(dst);
- dst = xfrm_lookup(tunnel->net, dst, &fl, NULL, 0);
+ dst = xfrm_lookup(tunnel->net, dst, fl, NULL, 0);
if (IS_ERR(dst)) {
dev->stats.tx_carrier_errors++;
goto tx_error_icmp;
@@ -178,7 +169,6 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
tunnel->err_count = 0;
}
- memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
skb_dst_set(skb, dst);
skb->dev = skb_dst(skb)->dev;
@@ -197,6 +187,36 @@ tx_error:
return NETDEV_TX_OK;
}
+/* This function assumes it is being called from dev_queue_xmit()
+ * and that skb is filled properly by that function.
+ */
+static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+ struct ip_tunnel *tunnel = netdev_priv(dev);
+ struct flowi fl;
+
+ memset(&fl, 0, sizeof(fl));
+
+ skb->mark = be32_to_cpu(tunnel->parms.o_key);
+
+ switch (skb->protocol) {
+ case htons(ETH_P_IP):
+ xfrm_decode_session(skb, &fl, AF_INET);
+ memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
+ break;
+ case htons(ETH_P_IPV6):
+ xfrm_decode_session(skb, &fl, AF_INET6);
+ memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
+ break;
+ default:
+ dev->stats.tx_errors++;
+ dev_kfree_skb(skb);
+ return NETDEV_TX_OK;
+ }
+
+ return vti_xmit(skb, dev, &fl);
+}
+
static int vti4_err(struct sk_buff *skb, u32 info)
{
__be32 spi;
--
1.7.9.5
next prev parent reply other threads:[~2014-02-14 8:30 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-14 8:30 [PATCH RFC v4 0/12] vti4: prepare namespace and interfamily support Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 01/12] xfrm4: Add IPsec protocol multiplexer Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 02/12] esp4: Use the IPsec protocol multiplexer API Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 03/12] ah4: " Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 04/12] ipcomp4: " Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 05/12] xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 06/12] ip_tunnel: Make vti work with i_key set Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 07/12] vti: Update the ipv4 side to use it's own receive hook Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 08/12] xfrm4: Remove xfrm_tunnel_notifier Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 09/12] vti4: Use the on xfrm_lookup returned dst_entry directly Steffen Klassert
2014-02-14 8:30 ` Steffen Klassert [this message]
2014-02-14 8:30 ` [PATCH RFC v4 11/12] vti4: Check the tunnel endpoints of the xfrm state and the vti interface Steffen Klassert
2014-02-14 8:30 ` [PATCH RFC v4 12/12] vti4: Enable namespace changing Steffen Klassert
2014-02-25 7:42 ` [PATCH RFC v4 0/12] vti4: prepare namespace and interfamily support Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1392366620-31923-11-git-send-email-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=christophe.gouault@6wind.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.