From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH] ipv6_tunnel: Allow receiving packets on the fallback tunnel if they pass sanity checks Date: Fri, 29 Jun 2012 00:52:58 -0700 (PDT) Message-ID: <20120629.005258.2188206674865275736.davem@davemloft.net> References: <20120629041552.GA27362@ipom.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, phild@fb.com, ville.nuorvala@gmail.com To: phil@ipom.com Return-path: Received: from shards.monkeyblade.net ([149.20.54.216]:59890 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751210Ab2F2Hw7 (ORCPT ); Fri, 29 Jun 2012 03:52:59 -0400 In-Reply-To: <20120629041552.GA27362@ipom.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Phil Dibowitz Date: Thu, 28 Jun 2012 21:15:52 -0700 > From: Ville Nuorvala > > At Facebook, we do Layer-3 DSR via IP-in-IP tunneling. Our load balancers wrap > an extra IP header on incoming packets so they can be routed to the backend. > In the v4 tunnel driver, when these packets fall on the default tunl0 device, > the behavior is to decapsulate them and drop them back on the stack. So our > setup is that tunl0 has the VIP and eth0 has (obviously) the backend's real > address. > > In IPv6 we do the same thing, but the v6 tunnel driver didn't have this same > behavior - if you didn't have an explicit tunnel setup, it would drop the > packet. > > This patch brings that v4 feature to the v6 driver. > > The same IPv6 address checks are performed as with any normal tunnel, > but as the fallback tunnel endpoint addresses are unspecified, the checks > must be performed on a per-packet basis, rather than at tunnel > configuration time. > > [Patch description modified by phil@ipom.com] > > Signed-off-by: Ville Nuorvala > Tested-by: Phil Dibowitz Applied to net-next