From: Robert Shearman <rshearma@brocade.com>
To: roopa <roopa@cumulusnetworks.com>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>,
Nicolas Dichtel <nicolas.dichtel@6wind.com>,
Thomas Graf <tgraf@suug.ch>
Subject: Re: [PATCH net-next 0/2] lwtunnel: encap locally-generated ipv4 packets
Date: Tue, 4 Aug 2015 14:55:59 +0100 [thread overview]
Message-ID: <55C0C46F.6000103@brocade.com> (raw)
In-Reply-To: <55BFDFF3.2030309@cumulusnetworks.com>
On 03/08/15 22:41, roopa wrote:
> On 8/3/15, 9:39 AM, Robert Shearman wrote:
>> Locally-generated IPv4 packets, such as from applications running on
>> the host or traceroute/ping currently don't have lwtunnel output
>> redirected encap applied. However, they should do in the same way as
>> for forwarded packets and this patch series addresses that.
>>
>> Robert Shearman (2):
>> lwtunnel: set skb protocol and dev
>> ipv4: apply lwtunnel encap for locally-generated packets
>>
>> net/core/lwtunnel.c | 12 ++++++++++--
>> net/ipv4/route.c | 2 ++
>> 2 files changed, 12 insertions(+), 2 deletions(-)
>>
> Thanks for this patch Robert. Looks good.
> I have been thinking of sending a similar patch out for this and
> since i was also looking at ip fragmentation, I have a slightly
> different patch which I think should also take care of
> encapsulating locally generated packets too. This patch moves the output
> redirection to after ip fragmentation.
> What do you think about the below (I have briefly tested it. Was
> planning to test some more before sending it out as RFC) ?
I'm glad you're looking at fragmentation - this does need to be
implemented at some point.
While it looks like fragmentation should work, the issue is that now
post-routing netfilter modules will be presented with un-encapsulated
packets without distinguishing them from encapsulated packets.
An example of why this is a problem is that this would prevent operators
from implementing rules to prevent non-control IP packets being output
onto an interface in an MPLS core, and I have seen service providers
doing this sort of thing in the past. So I think this is a pretty big
deal for MPLS. There are possibly other less obvious use cases that
would be prevented by this change.
So as long as you can keep these working, I'd be fine with such an approach.
Thanks,
Rob
next prev parent reply other threads:[~2015-08-04 13:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-03 16:39 [PATCH net-next 0/2] lwtunnel: encap locally-generated ipv4 packets Robert Shearman
2015-08-03 16:39 ` [PATCH net-next 1/2] lwtunnel: set skb protocol and dev Robert Shearman
2015-08-03 16:39 ` [PATCH net-next 2/2] ipv4: apply lwtunnel encap for locally-generated packets Robert Shearman
2015-08-03 21:41 ` [PATCH net-next 0/2] lwtunnel: encap locally-generated ipv4 packets roopa
2015-08-04 13:55 ` Robert Shearman [this message]
2015-08-04 5:26 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55C0C46F.6000103@brocade.com \
--to=rshearma@brocade.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=roopa@cumulusnetworks.com \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.