Re: [PATCH] vti: remove GRE_KEY flag for vti tunnel

[Hangbin Liu <liuhangbin@gmail.com>]

On Thu, Dec 05, 2013 at 09:47:27AM +0100, Steffen Klassert wrote:
> On Wed, Dec 04, 2013 at 01:46:40PM +0100, Christophe Gouault wrote:
> > Hello Hangbin,
> > 
> > vti interfaces precisely need an o_key to be configured (it must be set
> > to the mark of ipsec policies attached to this interface). Consequently,
> > this flag must not be removed.
> > 
> 
> Why do we need to set these flags in vti_tunnel_ioctl()? All we do
> here, is to cheat userspace. The userspace should set these flags
> to configure the tunnel. Please note that we completely ignore
> the flags from userspace, instead we set our own flags.
> 
> I think the only reason why we set these flags here, is to make iproute2
> to print the i_key/o_key.
> 
> I've already metntioned that I'am a bit disappointed on how the gre
> keys and flags are used with vti. But I fear we need to keep it
> as it is for now, because it would at least change the behaviour
> of iproute2 if we remove the flags.

I submit this patch just beacuse iproute2 will return fail when we modify vti
parameters. Code here

ip/iptunnel.c#L226:
        if (p->iph.protocol == IPPROTO_IPIP || p->iph.protocol == IPPROTO_IPV6) {
                if ((p->i_flags & GRE_KEY) || (p->o_flags & GRE_KEY)) {
                        fprintf(stderr, "Keys are not allowed with ipip and sit tunnels\n");
                        return -1;
                }
        }

So should we modify iproute2 or kernel code?
-- 

Thanks & Best Regards
Hangbin Liu <liuhangbin@gmail.com>