From: Steffen Klassert <steffen.klassert@secunet.com>
To: netdev@vger.kernel.org
Cc: Christophe Gouault <christophe.gouault@6wind.com>,
Saurabh Mohan <saurabh.mohan@vyatta.com>
Subject: [PATCH RFC v2 13/13] vti4: Support inter address family tunneling.
Date: Mon, 16 Dec 2013 10:28:03 +0100 [thread overview]
Message-ID: <20131216092803.GD31491@secunet.com> (raw)
In-Reply-To: <20131216091835.GQ31491@secunet.com>
With this patch we can tunnel ipv6 traffic via a vti4
interface. A vti4 interface can now have an ipv6 address
and ipv6 traffic can be routed via a vti4 interface.
The resulting traffic is xfrm transformed and tunneled
throuhg ipv4 if matching IPsec policies and states are
present.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv4/ip_vti.c | 48 ++++++++++++++++++++++++++++++++++--------------
1 file changed, 34 insertions(+), 14 deletions(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index f269310..8a2934c 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -34,6 +34,7 @@
#include <linux/init.h>
#include <linux/netfilter_ipv4.h>
#include <linux/if_ether.h>
+#include <linux/icmpv6.h>
#include <net/sock.h>
#include <net/ip.h>
@@ -110,26 +111,16 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
return 0;
}
-/* This function assumes it is being called from dev_queue_xmit()
- * and that skb is filled properly by that function.
- */
-static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
+ struct flowi *fl)
{
struct ip_tunnel *tunnel = netdev_priv(dev);
struct dst_entry *dst;
struct net_device *tdev; /* Device to other host */
- struct flowi fl;
int err;
- if (skb->protocol != htons(ETH_P_IP))
- goto tx_error;
-
- memset(&fl, 0, sizeof(fl));
- skb->mark = be32_to_cpu(tunnel->parms.o_key);
- xfrm_decode_session(skb, &fl, AF_INET);
-
dst_hold(skb_dst(skb));
- dst = xfrm_lookup(tunnel->net, skb_dst(skb), &fl, NULL, 0);
+ dst = xfrm_lookup(tunnel->net, skb_dst(skb), fl, NULL, 0);
if (IS_ERR(dst)) {
dev->stats.tx_carrier_errors++;
goto tx_error_icmp;
@@ -161,7 +152,6 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
tunnel->err_count = 0;
}
- memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
skb_dst_set(skb, dst);
skb->dev = skb_dst(skb)->dev;
@@ -180,6 +170,36 @@ tx_error:
return NETDEV_TX_OK;
}
+/* This function assumes it is being called from dev_queue_xmit()
+ * and that skb is filled properly by that function.
+ */
+static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+ struct ip_tunnel *tunnel = netdev_priv(dev);
+ struct flowi fl;
+
+ memset(&fl, 0, sizeof(fl));
+
+ skb->mark = be32_to_cpu(tunnel->parms.o_key);
+
+ switch (skb->protocol) {
+ case htons(ETH_P_IP):
+ xfrm_decode_session(skb, &fl, AF_INET);
+ memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
+ break;
+ case htons(ETH_P_IPV6):
+ xfrm_decode_session(skb, &fl, AF_INET6);
+ memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
+ break;
+ default:
+ dev->stats.tx_errors++;
+ dev_kfree_skb(skb);
+ return NETDEV_TX_OK;
+ }
+
+ return vti_xmit(skb, dev, &fl);
+}
+
static int
vti_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
--
1.7.9.5
next prev parent reply other threads:[~2013-12-16 9:28 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-16 9:18 [PATCH RFC v2 0/13] vti4: prepare namespace and interfamily support Steffen Klassert
2013-12-16 9:19 ` [PATCH RFC v2 01/13] xfrm4: Add IPsec protocol multiplexer Steffen Klassert
2013-12-16 9:19 ` [PATCH RFC v2 02/13] esp4: Use the IPsec protocol multiplexer API Steffen Klassert
2013-12-16 9:20 ` [PATCH RFC v2 03/13] esp4: Export esp4_err Steffen Klassert
2013-12-16 9:21 ` [PATCH RFC v2 04/13] ah4: Use the IPsec protocol multiplexer API Steffen Klassert
2013-12-16 9:21 ` [PATCH RFC v2 05/13] ah4: Export ah4_err Steffen Klassert
2013-12-16 9:22 ` [PATCH RFC v2 06/13] ipcomp4: Use the IPsec protocol multiplexer API Steffen Klassert
2013-12-16 9:23 ` [PATCH RFC v2 07/13] ipcomp4: Export ipcomp4_err Steffen Klassert
2013-12-16 9:23 ` [PATCH RFC v2 08/13] xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer Steffen Klassert
2013-12-16 12:54 ` Nicolas Dichtel
2013-12-16 13:02 ` Steffen Klassert
2013-12-16 9:24 ` [PATCH RFC v2 09/13] ip_tunnel: Make vti work with i_key set Steffen Klassert
2013-12-16 9:25 ` [PATCH RFC v2 10/13] vti: Update the ipv4 side to use it's own receive hook Steffen Klassert
2013-12-16 9:26 ` [PATCH RFC v2 11/13] xfrm4: Remove xfrm_tunnel_notifier Steffen Klassert
2013-12-16 9:27 ` [PATCH RFC v2 12/13] vti4: Use the on xfrm_lookup returned dst_entry directly Steffen Klassert
2013-12-16 9:28 ` Steffen Klassert [this message]
2014-01-07 16:11 ` [PATCH RFC v2 0/13] vti4: prepare namespace and interfamily support Christophe Gouault
2014-01-07 19:45 ` Christophe Gouault
2014-01-14 7:51 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131216092803.GD31491@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=christophe.gouault@6wind.com \
--cc=netdev@vger.kernel.org \
--cc=saurabh.mohan@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.