From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: pull request (net-next): ipsec-next 2014-02-27
Date: Thu, 27 Feb 2014 09:00:28 +0100 [thread overview]
Message-ID: <1393488040-22005-1-git-send-email-steffen.klassert@secunet.com> (raw)
This is the rework of the IPsec virtual tunnel interface
for ipv4 to support inter address family tunneling and
namespace crossing. The only change to the last RFC version
is a compile fix for an odd configuration where CONFIG_XFRM
is set but CONFIG_INET is not set.
1) Add and use a IPsec protocol multiplexer.
2) Add xfrm_tunnel_skb_cb to the skb common buffer
to store a receive callback there.
3) Make vti work with i_key set by not including the i_key
when comupting the hash for the tunnel lookup in case of
vti tunnels.
4) Update ip_vti to use it's own receive hook.
5) Remove xfrm_tunnel_notifier, this is replaced by the IPsec
protocol multiplexer.
6) We need to be protocol family indepenent, so use the on xfrm_lookup
returned dst_entry instead of the ipv4 rtable in vti_tunnel_xmit().
7) Add support for inter address family tunneling.
8) Check if the tunnel endpoints of the xfrm state and the vti interface
are matching and return an error otherwise.
8) Enable namespace crossing tor vti devices.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 51adfcc333e1490d3a22490f5b3504f64c7b28b4:
net: bcmgenet: remove unused bh_lock member (2014-02-24 20:26:37 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
for you to fetch changes up to 895de9a3488abcdd186680f0af3cce7f2d4d4a6e:
vti4: Enable namespace changing (2014-02-25 07:04:19 +0100)
----------------------------------------------------------------
Steffen Klassert (12):
xfrm4: Add IPsec protocol multiplexer
esp4: Use the IPsec protocol multiplexer API
ah4: Use the IPsec protocol multiplexer API
ipcomp4: Use the IPsec protocol multiplexer API
xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer
ip_tunnel: Make vti work with i_key set
vti: Update the ipv4 side to use it's own receive hook.
xfrm4: Remove xfrm_tunnel_notifier
vti4: Use the on xfrm_lookup returned dst_entry directly
vti4: Support inter address family tunneling.
vti4: Check the tunnel endpoints of the xfrm state and the vti interface
vti4: Enable namespace changing
include/net/xfrm.h | 83 +++++++++--
net/ipv4/Makefile | 2 +-
net/ipv4/ah4.c | 25 ++--
net/ipv4/esp4.c | 26 ++--
net/ipv4/ip_tunnel.c | 6 +-
net/ipv4/ip_vti.c | 310 +++++++++++++++++++++++++++++++++---------
net/ipv4/ipcomp.c | 26 ++--
net/ipv4/xfrm4_input.c | 9 --
net/ipv4/xfrm4_mode_tunnel.c | 68 ---------
net/ipv4/xfrm4_protocol.c | 275 +++++++++++++++++++++++++++++++++++++
net/xfrm/xfrm_input.c | 22 ++-
11 files changed, 659 insertions(+), 193 deletions(-)
create mode 100644 net/ipv4/xfrm4_protocol.c
next reply other threads:[~2014-02-27 8:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-27 8:00 Steffen Klassert [this message]
2014-02-27 8:00 ` [PATCH 01/12] xfrm4: Add IPsec protocol multiplexer Steffen Klassert
2014-02-27 8:00 ` [PATCH 02/12] esp4: Use the IPsec protocol multiplexer API Steffen Klassert
2014-02-27 8:00 ` [PATCH 03/12] ah4: " Steffen Klassert
2014-02-27 8:00 ` [PATCH 04/12] ipcomp4: " Steffen Klassert
2014-02-27 8:00 ` [PATCH 05/12] xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer Steffen Klassert
2014-02-27 8:00 ` [PATCH 06/12] ip_tunnel: Make vti work with i_key set Steffen Klassert
2014-02-27 8:00 ` [PATCH 07/12] vti: Update the ipv4 side to use it's own receive hook Steffen Klassert
2014-02-27 10:42 ` Neil Jerram
2014-02-27 8:00 ` [PATCH 08/12] xfrm4: Remove xfrm_tunnel_notifier Steffen Klassert
2014-02-27 8:00 ` [PATCH 09/12] vti4: Use the on xfrm_lookup returned dst_entry directly Steffen Klassert
2014-02-27 8:00 ` [PATCH 10/12] vti4: Support inter address family tunneling Steffen Klassert
2014-02-27 8:00 ` [PATCH 11/12] vti4: Check the tunnel endpoints of the xfrm state and the vti interface Steffen Klassert
2014-02-27 8:00 ` [PATCH 12/12] vti4: Enable namespace changing Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1393488040-22005-1-git-send-email-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).