gre: Disable ERSPAN support in ip_gre module

Konstantin Khorenko Wed, 25 Jan 2023 08:49:48 -0800

The commit is pushed to "branch-rh9-5.14.0-162.6.1.vz9.18.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-162.6.1.vz9.18.6
------>
commit 7f237b6252db4ab4809e75e3d7282948db1c2b94
Author: Nikolay Borisov <nikolay.bori...@virtuozzo.com>
Date:   Tue Jan 24 09:46:01 2023 +0200


    ve/net/gre: Disable ERSPAN support in ip_gre module
    
    Fix GRE support in Containers by disabling Encapsulated Remote Switched
    Port Analyzer (ERSPAN), this is needed as the newly added ERSPAN support
    isn't enabled for per-Container operation.
    
    Furthermore this is a Cisco-specific protocol supported on some Catalyst
    switches, used for traffic mirroring.
    
    https://jira.sw.ru/browse/PSBM-144221
    
    Signed-off-by: Nikolay Borisov <nikolay.bori...@virtuozzo.com>
---
 net/ipv4/ip_gre.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 21f8cd379aca..c35f2031c1f5 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1099,6 +1099,7 @@ static int ipgre_tap_validate(struct nlattr *tb[], struct 
nlattr *data[],
        return ipgre_tunnel_validate(tb, data, extack);
 }
 
+#ifndef CONFIG_VE
 static int erspan_validate(struct nlattr *tb[], struct nlattr *data[],
                           struct netlink_ext_ack *extack)
 {
@@ -1138,6 +1139,7 @@ static int erspan_validate(struct nlattr *tb[], struct 
nlattr *data[],
 
        return 0;
 }
+#endif
 
 static int ipgre_netlink_parms(struct net_device *dev,
                                struct nlattr *data[],
@@ -1206,6 +1208,7 @@ static int ipgre_netlink_parms(struct net_device *dev,
        return 0;
 }
 
+#ifndef CONFIG_VE
 static int erspan_netlink_parms(struct net_device *dev,
                                struct nlattr *data[],
                                struct nlattr *tb[],
@@ -1249,6 +1252,7 @@ static int erspan_netlink_parms(struct net_device *dev,
 
        return 0;
 }
+#endif
 
 /* This function returns true when ENCAP attributes are present in the nl msg 
*/
 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
@@ -1387,6 +1391,7 @@ static int ipgre_newlink(struct net *src_net, struct 
net_device *dev,
        return ip_tunnel_newlink(dev, tb, &p, fwmark);
 }
 
+#ifndef CONFIG_VE
 static int erspan_newlink(struct net *src_net, struct net_device *dev,
                          struct nlattr *tb[], struct nlattr *data[],
                          struct netlink_ext_ack *extack)
@@ -1404,6 +1409,7 @@ static int erspan_newlink(struct net *src_net, struct 
net_device *dev,
                return err;
        return ip_tunnel_newlink(dev, tb, &p, fwmark);
 }
+#endif
 
 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
                            struct nlattr *data[],
@@ -1434,6 +1440,7 @@ static int ipgre_changelink(struct net_device *dev, 
struct nlattr *tb[],
        return 0;
 }
 
+#ifndef CONFIG_VE
 static int erspan_changelink(struct net_device *dev, struct nlattr *tb[],
                             struct nlattr *data[],
                             struct netlink_ext_ack *extack)
@@ -1460,6 +1467,7 @@ static int erspan_changelink(struct net_device *dev, 
struct nlattr *tb[],
 
        return 0;
 }
+#endif
 
 static size_t ipgre_get_size(const struct net_device *dev)
 {
@@ -1573,6 +1581,7 @@ static int ipgre_fill_info(struct sk_buff *skb, const 
struct net_device *dev)
        return -EMSGSIZE;
 }
 
+#ifndef CONFIG_VE
 static void erspan_setup(struct net_device *dev)
 {
        struct ip_tunnel *t = netdev_priv(dev);
@@ -1585,6 +1594,7 @@ static void erspan_setup(struct net_device *dev)
        ip_tunnel_setup(dev, erspan_net_id);
        t->erspan_ver = 1;
 }
+#endif
 
 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
        [IFLA_GRE_LINK]         = { .type = NLA_U32 },
@@ -1640,6 +1650,7 @@ static struct rtnl_link_ops ipgre_tap_ops __read_mostly = 
{
        .get_link_net   = ip_tunnel_get_link_net,
 };
 
+#ifndef CONFIG_VE
 static struct rtnl_link_ops erspan_link_ops __read_mostly = {
        .kind           = "erspan",
        .maxtype        = IFLA_GRE_MAX,
@@ -1654,6 +1665,7 @@ static struct rtnl_link_ops erspan_link_ops __read_mostly 
= {
        .fill_info      = ipgre_fill_info,
        .get_link_net   = ip_tunnel_get_link_net,
 };
+#endif
 
 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
                                        u8 name_assign_type)
@@ -1723,6 +1735,7 @@ static struct pernet_operations ipgre_tap_net_ops = {
        .size = sizeof(struct ip_tunnel_net),
 };
 
+#ifndef CONFIG_VE
 static int __net_init erspan_init_net(struct net *net)
 {
        return ip_tunnel_init_net(net, erspan_net_id,
@@ -1740,6 +1753,7 @@ static struct pernet_operations erspan_net_ops = {
        .id   = &erspan_net_id,
        .size = sizeof(struct ip_tunnel_net),
 };
+#endif
 
 static int __init ipgre_init(void)
 {
@@ -1754,11 +1768,11 @@ static int __init ipgre_init(void)
        err = register_pernet_device(&ipgre_tap_net_ops);
        if (err < 0)
                goto pnet_tap_failed;
-
+#ifndef CONFIG_VE
        err = register_pernet_device(&erspan_net_ops);
        if (err < 0)
                goto pnet_erspan_failed;
-
+#endif
        err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
        if (err < 0) {
                pr_info("%s: can't add protocol\n", __func__);
@@ -1772,22 +1786,27 @@ static int __init ipgre_init(void)
        err = rtnl_link_register(&ipgre_tap_ops);
        if (err < 0)
                goto tap_ops_failed;
-
+#ifndef CONFIG_VE
        err = rtnl_link_register(&erspan_link_ops);
        if (err < 0)
                goto erspan_link_failed;
+#endif
 
        return 0;
 
+#ifndef CONFIG_VE
 erspan_link_failed:
+#endif
        rtnl_link_unregister(&ipgre_tap_ops);
 tap_ops_failed:
        rtnl_link_unregister(&ipgre_link_ops);
 rtnl_link_failed:
        gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
 add_proto_failed:
+#ifndef CONFIG_VE
        unregister_pernet_device(&erspan_net_ops);
 pnet_erspan_failed:
+#endif
        unregister_pernet_device(&ipgre_tap_net_ops);
 pnet_tap_failed:
        unregister_pernet_device(&ipgre_net_ops);
@@ -1798,11 +1817,15 @@ static void __exit ipgre_fini(void)
 {
        rtnl_link_unregister(&ipgre_tap_ops);
        rtnl_link_unregister(&ipgre_link_ops);
+#ifndef CONFIG_VE
        rtnl_link_unregister(&erspan_link_ops);
+#endif
        gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
        unregister_pernet_device(&ipgre_tap_net_ops);
        unregister_pernet_device(&ipgre_net_ops);
+#ifndef CONFIG_VE
        unregister_pernet_device(&erspan_net_ops);
+#endif
 }
 
 module_init(ipgre_init);
@@ -1810,7 +1833,9 @@ module_exit(ipgre_fini);
 MODULE_LICENSE("GPL");
 MODULE_ALIAS_RTNL_LINK("gre");
 MODULE_ALIAS_RTNL_LINK("gretap");
+#ifndef CONFIG_VE
 MODULE_ALIAS_RTNL_LINK("erspan");
+MODULE_ALIAS_NETDEV("erspan0");
+#endif
 MODULE_ALIAS_NETDEV("gre0");
 MODULE_ALIAS_NETDEV("gretap0");
-MODULE_ALIAS_NETDEV("erspan0");
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH RHEL9 COMMIT] ve/net/gre: Disable ERSPAN support in ip_gre module

Reply via email to