Re: [net-next PATCH 02/02] net/ipv4: VTI support new module for ip_vti.

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet•com>
To: Saurabh <saurabh.mohan@vyatta•com>
Cc: netdev@vger•kernel.org
Subject: Re: [net-next PATCH 02/02] net/ipv4: VTI support new module for ip_vti.
Date: Thu, 28 Jun 2012 10:04:59 +0200	[thread overview]
Message-ID: <20120628080459.GC1869@secunet.com> (raw)
In-Reply-To: <20120628010218.GA4056@debian-saurabh-64.vyatta.com>

On Wed, Jun 27, 2012 at 06:02:18PM -0700, Saurabh wrote:
> 
> +config NET_IPVTI
> +	tristate "Virtual (secure) IP: tunneling"
> +	select INET_TUNNEL
> +	depends on INET_XFRM_MODE_TUNNEL
> +	---help---
> +	Tunneling means encapsulating data of one protocol type within
> +	another protocol and sending it over a channel that understands the
> +	Pencapsulating protocol. This particular tunneling driver implements
> +	encapsulation of IP within IP-ESP. This can be used with xfrm to give

This is not ESP specific anymore.

> +	the notion of a secure tunnel and then use routing protocol on top.
> +
> +	Saying Y to this option will produce one module ( = code which can
> +	be inserted in and removed from the running kernel whenever you
> +	want). Most people won't need this and can say N.
> +

Saying Y does not build a module, saying M builds a module. Also,
even if build as a module, you can't remove it whenever you want.
You can remove it as long as it is unused.

...

> +static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
> +{
> +	struct ip_tunnel *tunnel = netdev_priv(dev);
> +	struct pcpu_tstats *tstats;
> +	struct net_device_stats *stats = &tunnel->dev->stats;
> +	struct iphdr  *tiph = &tunnel->parms.iph;
> +	u8     tos = tunnel->parms.iph.tos;
> +	struct rtable *rt;		/* Route to the other host */
> +	struct net_device *tdev;	/* Device to other host */
> +	struct iphdr  *old_iph = ip_hdr(skb);
> +	__be32 dst = tiph->daddr;
> +	struct flowi4 fl4;
> +
> +	if (skb->protocol != htons(ETH_P_IP))
> +		goto tx_error;
> +
> +	if (tos&1)
> +		tos = old_iph->tos;
> +
> +	if (!dst) {
> +		/* NBMA tunnel */
> +		rt = skb_rtable(skb);
> +		if (rt == NULL) {
> +			stats->tx_fifo_errors++;
> +			goto tx_error;
> +		}
> +		dst = rt->rt_gateway;
> +		if (dst == 0)
> +			goto tx_error_icmp;
> +	}
> +
> +	memset(&fl4, 0, sizeof(fl4));
> +	flowi4_init_output(&fl4, tunnel->parms.link,
> +		htonl(tunnel->parms.i_key), RT_TOS(tos), RT_SCOPE_UNIVERSE,
> +		IPPROTO_IPIP, 0,
> +		dst, tiph->saddr, 0, 0);
> +	rt = ip_route_output_key(dev_net(dev), &fl4);
> +	if (IS_ERR(rt)) {
> +		dev->stats.tx_carrier_errors++;
> +		goto tx_error_icmp;
> +	}
> +#ifdef CONFIG_XFRM
> +		/* if there is no transform then this tunnel is not functional. */
> +		if (!rt->dst.xfrm) {

What if this is a transport mode xfrm?
You should ensure that this is really a tunnel mode xfrm.

> +			stats->tx_carrier_errors++;
> +			goto tx_error_icmp;
> +		}
> +#endif

next prev parent reply	other threads:[~2012-06-28  8:05 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-28  1:02 [net-next PATCH 02/02] net/ipv4: VTI support new module for ip_vti Saurabh
2012-06-28  1:19 ` David Miller
2012-06-28  8:04 ` Steffen Klassert [this message]
  -- strict thread matches above, loose matches on Subject: below --
2012-07-17 19:44 Saurabh
2012-06-29  1:30 Saurabh
2012-07-09  6:47 ` David Miller
2012-06-29  0:52 Saurabh
2012-06-29  1:07 ` David Miller
2012-06-08 17:32 Saurabh
2012-06-14  9:12 ` Steffen Klassert
2012-06-15  2:43   ` Saurabh Mohan
2012-06-15  3:50     ` David Miller
2012-06-15  5:37     ` Steffen Klassert
2012-06-16  1:12       ` Saurabh Mohan
2012-06-17 23:27       ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120628080459.GC1869@secunet.com \
    --to=steffen.klassert@secunet$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=saurabh.mohan@vyatta$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox