From: Ben Greear <greearb@candelatech.com>
To: Lennert Buytenhek <buytenh@wantstofly.org>
Cc: netdev@oss.sgi.com, shemminger@osdl.org,
rhousley@rsasecurity.com, shollenbeck@verisign.com
Subject: Re: [PATCH][RFC] etherip: Ethernet-in-IPv4 tunneling
Date: Wed, 12 Jan 2005 14:42:49 -0800 [thread overview]
Message-ID: <41E5A7E9.4030101@candelatech.com> (raw)
In-Reply-To: <20050112222437.GC14280@xi.wantstofly.org>
Lennert Buytenhek wrote:
> Hi,
>
> After struggling with various userland VPN solutions for a while (and
> failing to make IPSEC tunnel mode do what I want), I decided to just
> implement ethernet-in-IP tunneling in the kernel and let IPSEC transport
> mode handle the rest.
>
> There appeared to be an RFC for ethernet-in-IP already, RFC 3378, so I
> just implemented that. It's very simple -- slap a 16-bit header (0x3000,
> which is 4 bits of etherip version number and 12 bits of padding) onto
> the beginning of the ethernet packet, and then wrap it in an IP packet.
>
> Below is what I came up with, against the latest Fedora Core 3 kernel,
> which is 2.6.10-something. It survives some fairly basic testing between
> a number of different machines, UP and SMP. (Corresponding iproute2
> patch is available from http://www.wantstofly.org/~buytenh/etherip/ )
>
> Notes:
> - daddr=0 tunnel mode is meaningless for generic ethernet tunneling,
> so I didn't implement that. Packets are just dropped on the floor
> if daddr==0 at the time of sending, which is the default mode for
> the etherip0 device.
>
> Issues and TODO:
> - Implement MULTICAST(daddr) tunnel mode, seems useful to have.
> - Perhaps we should always present a MTU=1500 device to the user and
> deal with fragmentation issues ourselves.
> - Don't take TTL of outer packet from inner packet.
> - Figure out what to do with DF.
> - Check whether ECN bits are correctly {en,de}capsulated.
> - Check out iffy-looking '2 * sizeof(struct etheriphdr)' construct
> (same problem in ip_gre.c?)
>
> Comments? I would like to see this upstream when the remaining issues
> have been sorted out.
Why do you add a single device when loading the module? Is this just
so you have something to hook the ioctl to?
My personal preference would be something where you do not automatically
create an etherip0, but would have an etherip-config tool or similar to
create/destroy interfaces.
Also, could you add an ioctl that allowed one to query whether or not
a particular device is an etherip device? I had always wished I had added
this earlier to the VLAN code :)
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
next prev parent reply other threads:[~2005-01-12 22:42 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-12 22:24 [PATCH][RFC] etherip: Ethernet-in-IPv4 tunneling Lennert Buytenhek
2005-01-12 22:42 ` Ben Greear [this message]
2005-01-12 22:48 ` Lennert Buytenhek
2005-01-12 23:11 ` Ben Greear
2005-01-12 23:16 ` Lennert Buytenhek
2005-01-12 23:43 ` Thomas Graf
2005-01-13 0:18 ` Lennert Buytenhek
2005-01-13 0:28 ` Thomas Graf
2005-01-13 0:36 ` Lennert Buytenhek
2005-01-13 1:20 ` Thomas Graf
2005-01-12 23:43 ` Ben Greear
2005-01-13 0:04 ` Stephen Hemminger
2005-01-13 0:29 ` Lennert Buytenhek
2005-01-13 7:49 ` Pekka Savola
2005-01-13 9:23 ` Lennert Buytenhek
2005-01-16 17:37 ` jamal
2005-01-16 18:55 ` tunneling in linux (was: Re: [PATCH][RFC] etherip: Ethernet-in-IPv4 tunneling) Lennert Buytenhek
2005-01-16 19:51 ` Pekka Savola
2005-01-16 19:57 ` Lennert Buytenhek
2005-01-17 5:45 ` Pekka Savola
2005-01-16 20:02 ` jamal
2005-01-16 20:20 ` Lennert Buytenhek
2005-01-16 20:37 ` Hasso Tepper
2005-01-16 21:21 ` Lennert Buytenhek
2005-01-16 21:32 ` Hasso Tepper
2005-01-16 21:44 ` Lennert Buytenhek
2005-01-16 23:09 ` jamal
2005-01-16 19:02 ` [PATCH][RFC] etherip: Ethernet-in-IPv4 tunneling Lennert Buytenhek
2005-01-16 20:05 ` jamal
2005-01-16 20:22 ` Lennert Buytenhek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41E5A7E9.4030101@candelatech.com \
--to=greearb@candelatech.com \
--cc=buytenh@wantstofly.org \
--cc=netdev@oss.sgi.com \
--cc=rhousley@rsasecurity.com \
--cc=shemminger@osdl.org \
--cc=shollenbeck@verisign.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).