From: Steffen Klassert <steffen.klassert@secunet.com>
To: Tom Herbert <tom@herbertland.com>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>, <kernel-team@fb.com>
Subject: Re: [PATCH net-next 5/6] ipv6: Call xfrm6_xlat_addr from ipv6_rcv
Date: Wed, 30 Sep 2015 11:06:17 +0200 [thread overview]
Message-ID: <20150930090617.GF7701@secunet.com> (raw)
In-Reply-To: <1443565043-1287886-6-git-send-email-tom@herbertland.com>
On Tue, Sep 29, 2015 at 03:17:22PM -0700, Tom Herbert wrote:
> Call before performing NF_HOOK and routing in order to perform address
> translation in the receive path.
>
> Signed-off-by: Tom Herbert <tom@herbertland.com>
> ---
> net/ipv6/ip6_input.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
> index 9075acf..06dac55 100644
> --- a/net/ipv6/ip6_input.c
> +++ b/net/ipv6/ip6_input.c
> @@ -183,6 +183,9 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
> /* Must drop socket now because of tproxy. */
> skb_orphan(skb);
>
> + /* Translate destination address before routing */
> + xfrm6_xlat_addr(skb);
> +
This shows that xfrm is not the right place to add this. The existing
xfrm hooks are located at the same place as your current LWT hooks are.
You could use the existing xfrm hooks similar to xfrm tunnel modes.
This reinserts the transformed packet back into layer2, but I guess
this is not what you want.
I'm currently paying with a GRO codepath for IPsec to get the
packets transformed early. If you can do your address translation
that early, it could be an option too. This clearly depends on
enabled GRO at the receiving device, but you would still have
the LWT hook as a fallback.
> return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
> net, NULL, skb, dev, NULL,
> ip6_rcv_finish);
Or, try to use the netfilter hook that seems to be at the right
place at least.
next prev parent reply other threads:[~2015-09-30 9:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-29 22:17 [PATCH net-next 0/6] ila: Optimization to preserve value of early demux Tom Herbert
2015-09-29 22:17 ` [PATCH net-next 1/6] ila: Create net/ipv6/ila directory Tom Herbert
2015-09-29 22:17 ` [PATCH net-next 2/6] rhashtable: add function to replace an element Tom Herbert
2015-09-29 22:17 ` [PATCH net-next 3/6] netlink: add a start callback for starting a netlink dump Tom Herbert
2015-09-29 22:17 ` [PATCH net-next 4/6] xfrm: Add xfrm6 address translation function Tom Herbert
2015-09-29 22:58 ` David Ahern
2015-09-30 8:39 ` Steffen Klassert
2015-09-29 22:17 ` [PATCH net-next 5/6] ipv6: Call xfrm6_xlat_addr from ipv6_rcv Tom Herbert
2015-09-29 23:26 ` Florian Westphal
2015-09-30 9:06 ` Steffen Klassert [this message]
2015-09-30 18:40 ` Tom Herbert
2015-09-29 22:17 ` [PATCH net-next 6/6] ila: Add support for xfrm6_xlat_addr Tom Herbert
2015-09-29 22:34 ` kbuild test robot
2015-09-29 22:49 ` kbuild test robot
2015-09-29 23:18 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150930090617.GF7701@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.