From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	<netdev@vger.kernel.org>
Subject: [PATCH 19/19] xfrm: Make the policy hold queue work with VTI.
Date: Thu, 30 Jul 2020 07:41:30 +0200	[thread overview]
Message-ID: <20200730054130.16923-20-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20200730054130.16923-1-steffen.klassert@secunet.com>

We forgot to support the xfrm policy hold queue when
VTI was implemented. This patch adds everything we
need so that we can use the policy hold queue together
with VTI interfaces.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv4/ip_vti.c      |  6 +++++-
 net/ipv6/ip6_vti.c     |  6 +++++-
 net/xfrm/xfrm_policy.c | 11 +++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 3e5d54517145..8b962eac9ed8 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -218,12 +218,15 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 	}
 
 	dst_hold(dst);
-	dst = xfrm_lookup(tunnel->net, dst, fl, NULL, 0);
+	dst = xfrm_lookup_route(tunnel->net, dst, fl, NULL, 0);
 	if (IS_ERR(dst)) {
 		dev->stats.tx_carrier_errors++;
 		goto tx_error_icmp;
 	}
 
+	if (dst->flags & DST_XFRM_QUEUE)
+		goto queued;
+
 	if (!vti_state_check(dst->xfrm, parms->iph.daddr, parms->iph.saddr)) {
 		dev->stats.tx_carrier_errors++;
 		dst_release(dst);
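Review bot: The `goto queued` added after the IS_ERR() check bypasses vti_state_check() and everything else between it and the `queued:` label added in the next hunk, and nothing visible in this patch re-runs those checks when xfrm_policy_queue_process() later resolves a bundle for the held packet. If the skipped code is what ties the outgoing state to this tunnel's endpoints, a packet released from the hold queue could leave through a state the direct path would have rejected; this is inferred from the visible lines only and should be confirmed against the full function, which extends beyond both hunks. At minimum the branch deserves a why-comment, e.g. `/* Hold-queue dst: the packet is parked until states resolve, so the per-state checks below are skipped. */`. The same jump is added in vti6_xmit() in net/ipv6/ip6_vti.c, where it skips vti6_state_check().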
@@ -255,6 +258,7 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
 		goto tx_error;
 	}
 
+queued:
 	skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = skb_dst(skb)->dev;
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 53f12b40528e..f5a4c4a6492b 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -491,13 +491,16 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 	}
 
 	dst_hold(dst);
-	dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
+	dst = xfrm_lookup_route(t->net, dst, fl, NULL, 0);
 	if (IS_ERR(dst)) {
 		err = PTR_ERR(dst);
 		dst = NULL;
 		goto tx_err_link_failure;
 	}
 
+	if (dst->flags & DST_XFRM_QUEUE)
+		goto queued;
+
 	x = dst->xfrm;
 	if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
 		goto tx_err_link_failure;
@@ -533,6 +536,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 		goto tx_err_dst_release;
 	}
 
+queued:
 	skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
 	skb_dst_set(skb, dst);
 	skb->dev = skb_dst(skb)->dev;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 564aa6492e7c..be150475b28b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2758,6 +2758,7 @@ static void xfrm_policy_queue_process(struct timer_list *t)
 	struct xfrm_policy_queue *pq = &pol->polq;
 	struct flowi fl;
 	struct sk_buff_head list;
+	__u32 skb_mark;
 
 	spin_lock(&pq->hold_queue.lock);
 	skb = skb_peek(&pq->hold_queue);
@@ -2767,7 +2768,12 @@ static void xfrm_policy_queue_process(struct timer_list *t)
 	}
 	dst = skb_dst(skb);
 	sk = skb->sk;
+
+	/* Fixup the mark to support VTI. */
+	skb_mark = skb->mark;
+	skb->mark = pol->mark.v;
 	xfrm_decode_session(skb, &fl, dst->ops->family);
+	skb->mark = skb_mark;
 	spin_unlock(&pq->hold_queue.lock);
 
 	dst_hold(xfrm_dst_path(dst));
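Review bot: The mark override before xfrm_decode_session() uses `pol->mark.v` for every policy that has packets on the hold queue, not only VTI ones, so the decoded flow no longer carries the packet's own mark. For a policy whose mask does not cover all bits, any later lookup that looks at bits outside `pol->mark.m` would presumably see a different flow than the original transmit path did; it is worth confirming that this is intended. The comment `/* Fixup the mark to support VTI. */` also does not say why; if, as I understand it, VTI builds its flow mark from the tunnel and not from skb->mark, something like `/* Decode with the policy mark so the re-lookup sees the flow VTI used at xmit, then restore skb->mark. */` would help. The identical save/override/restore sequence appears again in the dequeue loop in the following hunk, and the function continues outside both hunks.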
@@ -2799,7 +2805,12 @@ static void xfrm_policy_queue_process(struct timer_list *t)
 	while (!skb_queue_empty(&list)) {
 		skb = __skb_dequeue(&list);
 
+		/* Fixup the mark to support VTI. */
+		skb_mark = skb->mark;
+		skb->mark = pol->mark.v;
 		xfrm_decode_session(skb, &fl, skb_dst(skb)->ops->family);
+		skb->mark = skb_mark;
+
 		dst_hold(xfrm_dst_path(skb_dst(skb)));
 		dst = xfrm_lookup(net, xfrm_dst_path(skb_dst(skb)), &fl, skb->sk, 0);
 		if (IS_ERR(dst)) {
-- 
2.17.1


