[PATCH 04/05] ipv6: RFC4214 Support (4)
From: Fred L. Templin [EMAIL PROTECTED] This is experimental support for the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses the SIT module, and is configured using the unmodified ip utility with device names beginning with: isatap. The following diffs are specific to the Linux 2.6.24-rc2 kernel distribution. Signed-off-by: Fred L. Templin [EMAIL PROTECTED] --- --- linux-2.6.24-rc2/net/ipv6/sit.c.orig2007-11-08 12:03:41.0 -0800 +++ linux-2.6.24-rc2/net/ipv6/sit.c 2007-11-12 07:13:13.0 -0800 @@ -16,6 +16,7 @@ * Changes: * Roger Venning [EMAIL PROTECTED]: 6to4 support * Nate Thompson [EMAIL PROTECTED]:6to4 support + * Fred L. Templin [EMAIL PROTECTED]:isatap support */ #include linux/module.h @@ -182,6 +183,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (parms-i_key) + dev-priv_flags |= IFF_ISATAP; +#endif + if (register_netdevice(dev) 0) { free_netdev(dev); goto failed; 
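Review bot: The added test `if (parms->i_key)` gives the tunnel's input-key field a second meaning without documenting it: any non-zero value now marks the device as ISATAP, and the receive hunk reads the same field as the router's IPv4 address. A comment above the test would record that, for example `/* ISATAP: i_key carries the router's IPv4 address; non-zero selects ISATAP mode */`. The patch description still says the feature is selected by device names beginning with isatap, which none of the hunks shown in this revision test, so the description looks stale. ipip6_tunnel_locate starts and ends outside the hunk.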
@@ -382,6 +388,48 @@ static int ipip6_rcv(struct sk_buff *skb IPCB(skb)-flags = 0; skb-protocol = htons(ETH_P_IPV6); skb-pkt_type = PACKET_HOST; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - check source address */ + if (tunnel-dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh; + struct dst_entry *dst; + struct flowi fl; + struct in6_addr *addr6; + struct ipv6hdr *iph6; + + /* from ISATAP router */ + if ((tunnel-parms.i_key != INADDR_NONE) + (iph-saddr == tunnel-parms.i_key)) goto accept; + + iph6 = ipv6_hdr(skb); + addr6 = iph6-saddr; + + /* from legitimate previous hop */ + memset(fl, 0, sizeof(fl)); + fl.proto = iph6-nexthdr; + ipv6_addr_copy(fl.fl6_dst, addr6); + fl.oif = tunnel-dev-ifindex; + security_skb_classify_flow(skb, fl); + + if (!(dst = ip6_route_output(NULL, fl)) || +(dst-dev != tunnel-dev) || +((neigh = dst-neighbour) == NULL)) goto drop; + + addr6 = (struct in6_addr*)neigh-primary_key; + + if (!(ipv6_addr_is_isatap(addr6)) || +(addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; + read_unlock(ipip6_lock); + dst_release(dst); + kfree_skb(skb); + return 0; + } + dst_release(dst); + } +accept: +#endif tunnel-stat.rx_packets++; tunnel-stat.rx_bytes += skb-len; skb-dev = tunnel-dev; @@ -444,6 +492,31 @@ static int ipip6_tunnel_xmit(struct sk_b if (skb-protocol != htons(ETH_P_IPV6)) goto tx_error; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - must come before 6to4 */ + if (dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh = NULL; + + if (skb-dst) + neigh = skb-dst-neighbour; + + if (neigh == NULL) { + if (net_ratelimit()) + printk(KERN_DEBUG sit: nexthop == NULL\n); + goto tx_error; + } + + addr6 = (struct in6_addr*)neigh-primary_key; + addr_type = ipv6_addr_type(addr6); + + if ((addr_type IPV6_ADDR_UNICAST) +ipv6_addr_is_isatap(addr6)) + dst = addr6-s6_addr32[3]; + else + goto tx_error; + } +#endif + if (!dst) dst = try_6to4(iph6-daddr); 
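Review bot: The "from ISATAP router" shortcut accepts a packet on its outer IPv4 source address alone and skips the neighbour check that follows, so it is only as strong as the filtering of forged protocol-41 traffic before it reaches this host. The comment should state that assumption, e.g. `/* from ISATAP router: trusts the outer IPv4 source; relies on proto-41 ingress filtering at the site border */`. Separately, as far as I know ip6_route_output() reports a failed lookup through `dst->error` rather than a NULL return, so the `!(dst = ...)` test probably never fires and `dst->error` should be checked too. The ipip6_rcv hunks of revisions (3) and (2) and of the original posting further down the page carry the same code. ipip6_rcv begins and ends outside the hunk.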
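Review bot: In the ipip6_tunnel_xmit hunk the outer IPv4 destination is taken directly from the low 32 bits of the next hop's IPv6 address (`dst = addr6->s6_addr32[3]`), and nothing visible here rejects an embedded address that is broadcast, multicast or loopback. If the route lookup later in the function already refuses non-unicast destinations, a comment saying so is enough; otherwise a check belongs before the assignment. The cast of `neigh->primary_key` to `struct in6_addr *` also assumes the neighbour entry is an IPv6 one, which is worth a one-line comment. The xmit hunks of revisions (3) and (2) and of the original posting are the same, and the function continues outside the hunk.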
@@ -651,6 +724,10 @@ ipip6_tunnel_ioctl (struct net_device *d ipip6_tunnel_unlink(t); t-parms.iph.saddr = p.iph.saddr; t-parms.iph.daddr = p.iph.daddr; +#if defined(CONFIG_IPV6_ISATAP) + t-parms.i_key = p.i_key; + t-parms.o_key = p.o_key; +#endif memcpy(dev-dev_addr, p.iph.saddr, 4); memcpy(dev-broadcast, p.iph.daddr, 4); ipip6_tunnel_link(t); @@ -663,6 +740,10 @@ ipip6_tunnel_ioctl (struct net_device *d if (cmd == SIOCCHGTUNNEL) {
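Review bot: The two added assignments change `i_key` on an existing tunnel but leave `dev->priv_flags` untouched, while the creation hunk sets `IFF_ISATAP` only when `parms->i_key` is non-zero. After a change request the flag and the key can therefore disagree: a tunnel created without a key never enters ISATAP mode, and one whose key is cleared stays in it with a router address of zero. Updating the flag next to the assignment would keep the two in step, e.g. `if (t->parms.i_key) dev->priv_flags |= IFF_ISATAP; else dev->priv_flags &= ~IFF_ISATAP;`. The enclosing branch of ipip6_tunnel_ioctl starts outside the hunk, and the hunk that follows it on the page is cut off.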
Re: [PATCH 04/05] ipv6: RFC4214 Support
Templin, Fred L [EMAIL PROTECTED] writes: +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { Modern distributions tend to have daemons to automatically rename network interfaces using SIOCSIFNAME. Not sure they would touch isatap*, but they or someone else might. It would likely be safer to not base your user interface on the name only, but use a flag or number somewhere else. -Andi - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 04/05] ipv6: RFC4214 Support (3)
From: Fred L. Templin [EMAIL PROTECTED] This is experimental support for the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses the SIT module, and is configured using the unmodified ip utility with device names beginning with: isatap. The following diffs are specific to the Linux 2.6.24-rc2 kernel distribution. Signed-off-by: Fred L. Templin [EMAIL PROTECTED] --- --- linux-2.6.24-rc2/net/ipv6/sit.c.orig2007-11-08 12:03:41.0 -0800 +++ linux-2.6.24-rc2/net/ipv6/sit.c 2007-11-09 15:50:41.0 -0800 @@ -16,6 +16,7 @@ * Changes: * Roger Venning [EMAIL PROTECTED]: 6to4 support * Nate Thompson [EMAIL PROTECTED]:6to4 support + * Fred L. Templin [EMAIL PROTECTED]:isatap support */ #include linux/module.h @@ -182,6 +183,14 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (parms-router) { + dev-priv_flags |= IFF_ISATAP; + if (!nt-parms.lifetime) + nt-parms.lifetime = 120; /* RFC4214 Default */ + } +#endif + if (register_netdevice(dev) 0) { free_netdev(dev); goto failed; 
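Review bot: `parms->router` and `parms->lifetime` are not declared anywhere on this page, so they are presumably added to the tunnel parameter structure by another patch in the series. If that structure is the one the tunnel ioctls copy to and from user space, growing it changes the layout existing tools were built against, and the description should say so. The literal `120` would also read better as a named constant with its unit stated, e.g. `#define ISATAP_DEFAULT_LIFETIME 120` (name is a suggestion) with the RFC4214 reference kept in the comment. ipip6_tunnel_locate starts and ends outside the hunk.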
@@ -382,6 +391,48 @@ static int ipip6_rcv(struct sk_buff *skb IPCB(skb)-flags = 0; skb-protocol = htons(ETH_P_IPV6); skb-pkt_type = PACKET_HOST; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - check source address */ + if (tunnel-dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh; + struct dst_entry *dst; + struct flowi fl; + struct in6_addr *addr6; + struct ipv6hdr *iph6; + + /* from ISATAP router */ + if ((tunnel-parms.router != INADDR_NONE) + (iph-saddr == tunnel-parms.router)) goto accept; + + iph6 = ipv6_hdr(skb); + addr6 = iph6-saddr; + + /* from legitimate previous hop */ + memset(fl, 0, sizeof(fl)); + fl.proto = iph6-nexthdr; + ipv6_addr_copy(fl.fl6_dst, addr6); + fl.oif = tunnel-dev-ifindex; + security_skb_classify_flow(skb, fl); + + if (!(dst = ip6_route_output(NULL, fl)) || +(dst-dev != tunnel-dev) || +((neigh = dst-neighbour) == NULL)) goto drop; + + addr6 = (struct in6_addr*)neigh-primary_key; + + if (!(ipv6_addr_is_isatap(addr6)) || +(addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; + read_unlock(ipip6_lock); + dst_release(dst); + kfree_skb(skb); + return 0; + } + dst_release(dst); + } +accept: +#endif tunnel-stat.rx_packets++; tunnel-stat.rx_bytes += skb-len; skb-dev = tunnel-dev; @@ -444,6 +495,31 @@ static int ipip6_tunnel_xmit(struct sk_b if (skb-protocol != htons(ETH_P_IPV6)) goto tx_error; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - must come before 6to4 */ + if (dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh = NULL; + + if (skb-dst) + neigh = skb-dst-neighbour; + + if (neigh == NULL) { + if (net_ratelimit()) + printk(KERN_DEBUG sit: nexthop == NULL\n); + goto tx_error; + } + + addr6 = (struct in6_addr*)neigh-primary_key; + addr_type = ipv6_addr_type(addr6); + + if ((addr_type IPV6_ADDR_UNICAST) +ipv6_addr_is_isatap(addr6)) + dst = addr6-s6_addr32[3]; + else + goto tx_error; + } +#endif /* CONFIG_IPV6_ISATAP */ + if (!dst) dst = try_6to4(iph6-daddr); 
@@ -651,6 +727,10 @@ ipip6_tunnel_ioctl (struct net_device *d ipip6_tunnel_unlink(t); t-parms.iph.saddr = p.iph.saddr; t-parms.iph.daddr = p.iph.daddr; +#if defined(CONFIG_IPV6_ISATAP) + if (p.router) t-parms.router = p.router; + if (p.lifetime) t-parms.lifetime = p.lifetime; +#endif memcpy(dev-dev_addr, p.iph.saddr, 4); memcpy(dev-broadcast,
Re: [PATCH 04/05] ipv6: RFC4214 Support
In article [EMAIL PROTECTED] (at Wed, 7 Nov 2007 11:12:47 -0800), Templin, Fred L [EMAIL PROTECTED] says: The goal was to avoid requiring changes to applications such as 'iproute2', i.e., the intention was for a standalone code insertion point within the kernel itself. What do you suggest? Agreed, magic names are evil. Change iproute2 utilities, if it is more logical for administration. This being an experimental release, I would prefer to go forward with a standalone kernel solution for the first iteration then come back with the iproute2 changes at a later time. IMHO, we should only touch iproute2 once, and it should be an architected solution - not just a quick hack. For the short term, timeliness of interoperability testing with the other major OS's should be the highest priority, IMHO. Hmm, what is missing from API POV? Since even if you do not change iproute2 now, users may need to change their configuration script twice anyway, we should be careful. --yoshfuji - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 04/05] ipv6: RFC4214 Support (2)
From: Fred L. Templin [EMAIL PROTECTED] This is experimental support for the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses the SIT module, and is configured using the unmodified ip utility with device names beginning with: isatap. The following diffs are specific to the Linux 2.6.24-rc2 kernel distribution. Signed-off-by: Fred L. Templin [EMAIL PROTECTED] --- --- linux-2.6.24-rc2/net/ipv6/sit.c.orig2007-11-08 12:03:41.0 -0800 +++ linux-2.6.24-rc2/net/ipv6/sit.c 2007-11-08 08:31:08.0 -0800 @@ -16,6 +16,7 @@ * Changes: * Roger Venning [EMAIL PROTECTED]: 6to4 support * Nate Thompson [EMAIL PROTECTED]:6to4 support + * Fred L. Templin [EMAIL PROTECTED]:isatap support */ #include linux/module.h @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (!strncmp(dev-name, isatap, 6)) + dev-priv_flags |= IFF_ISATAP; +#endif + if (register_netdevice(dev) 0) { free_netdev(dev); goto failed; 
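Review bot: The block added at the top of ipip6_tunnel_locate writes into the caller's `parms` (`parms->i_key` is overwritten and `parms->iph.daddr` is zeroed) ahead of the lookup loop, so it runs on every call and not only when a tunnel is created. That side effect is invisible at the call sites and should be documented on the function, e.g. `/* NOTE: for isatap* names, moves iph.daddr into i_key and clears daddr in *parms */`, or the rewrite should be done on a local copy. The same hunk appears in the original posting and in the quoted replies further down the page. The function starts and ends outside the hunk.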
@@ -382,6 +396,47 @@ static int ipip6_rcv(struct sk_buff *skb IPCB(skb)-flags = 0; skb-protocol = htons(ETH_P_IPV6); skb-pkt_type = PACKET_HOST; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - check source address */ + if (tunnel-dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh; + struct dst_entry *dst; + struct flowi fl; + struct in6_addr *addr6; + struct ipv6hdr *iph6; + + /* from ISATAP router */ + if (iph-saddr == tunnel-parms.i_key) goto accept; + + iph6 = ipv6_hdr(skb); + addr6 = iph6-saddr; + + /* from legitimate previous hop */ + memset(fl, 0, sizeof(fl)); + fl.proto = iph6-nexthdr; + ipv6_addr_copy(fl.fl6_dst, addr6); + fl.oif = tunnel-dev-ifindex; + security_skb_classify_flow(skb, fl); + + if (!(dst = ip6_route_output(NULL, fl)) || +(dst-dev != tunnel-dev) || +((neigh = dst-neighbour) == NULL)) goto drop; + + addr6 = (struct in6_addr*)neigh-primary_key; + + if (!(ipv6_addr_is_isatap(addr6)) || +(addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; + read_unlock(ipip6_lock); + dst_release(dst); + kfree_skb(skb); + return 0; + } + dst_release(dst); + } +accept: +#endif tunnel-stat.rx_packets++; tunnel-stat.rx_bytes += skb-len; skb-dev = tunnel-dev; 
@@ -444,6 +499,31 @@ static int ipip6_tunnel_xmit(struct sk_b if (skb-protocol != htons(ETH_P_IPV6)) goto tx_error; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - must come before 6to4 */ + if (dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh = NULL; + + if (skb-dst) + neigh = skb-dst-neighbour; + + if (neigh == NULL) { + if (net_ratelimit()) + printk(KERN_DEBUG sit: nexthop == NULL\n); + goto tx_error; + } + + addr6 = (struct in6_addr*)neigh-primary_key; + addr_type = ipv6_addr_type(addr6); + + if ((addr_type IPV6_ADDR_UNICAST) +ipv6_addr_is_isatap(addr6)) + dst = addr6-s6_addr32[3]; + else + goto tx_error; + } +#endif /* CONFIG_IPV6_ISATAP */ + if (!dst) dst = try_6to4(iph6-daddr); - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH 04/05] ipv6: RFC4214 Support
Hmm, what is missing from API POV? This would have to be determined under a follow-on project (hopefully with input from others) after we have gained operational experience. Since even if you do not change iproute2 now, users may need to change their configuration script twice anyway, we should be careful. The unmodified iproute2 gives a basic API that is sufficient for now. A more feature-rich API can be developed later, but the basic API will remain in place such that no existing scripts would have to change and new scripts could benefit from the new API. Thanks - Fred [EMAIL PROTECTED] --yoshfuji - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 04/05] ipv6: RFC4214 Support
From: Templin, Fred L [EMAIL PROTECTED] Date: Thu, 8 Nov 2007 13:01:34 -0800 Hmm, what is missing from API POV? This would have to be determined under a follow-on project (hopefully with input from others) after we have gained operational experience. I personally don't buy any of this desire to avoid iproute2 changes at this time. This is never how we handle this kind of situation. We add in the new feature, and add support to iproute2 in parallel. If we screw it up we figure that out quickly and fix things before it's been deployed for too long. I suspect you simply want users to just be able to use the new feature with only a kernel patch, but that's not an appropriate reason to not do things correctly when submitting a feature upstream. Please use the new name in the kernel side changes and implement iproute2 support for these ISATAP devices. Thank you. - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH 04/05] ipv6: RFC4214 Support
@@ -395,8 +451,6 @@ static int ipip6_rcv(struct sk_buff *skb } icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); - kfree_skb(skb); - read_unlock(ipip6_lock); out: return 0; } Note that the above lines were incorrectly deleted. This has been fixed and tested. Fred [EMAIL PROTECTED] -Original Message- From: Templin, Fred L Sent: Tuesday, November 06, 2007 5:16 PM To: netdev@vger.kernel.org Subject: [PATCH 04/05] ipv6: RFC4214 Support From: Fred L. Templin [EMAIL PROTECTED] This is experimental support for the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses the SIT module, and is configured using the unmodified ip utility with device names beginning with: isatap. The following diffs are specific to the Linux 2.6.23 kernel distribution. Signed-off-by: Fred L. Templin [EMAIL PROTECTED] --- --- linux-2.6.23/net/ipv6/sit.c.orig 2007-10-09 13:31:38.0 -0700 +++ linux-2.6.23/net/ipv6/sit.c 2007-11-06 15:32:27.0 -0800 @@ -16,6 +16,7 @@ * Changes: * Roger Venning [EMAIL PROTECTED]:6to4 support * Nate Thompson [EMAIL PROTECTED]:6to4 support + * Fred L. Templin [EMAIL PROTECTED]: isatap support */ #include linux/module.h @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (!strncmp(dev-name, isatap, 6)) + dev-priv_flags |= IFF_ISATAP; +#endif + if (register_netdevice(dev) 0) { free_netdev(dev); goto failed; 
@@ -382,6 +396,48 @@ static int ipip6_rcv(struct sk_buff *skb IPCB(skb)-flags = 0; skb-protocol = htons(ETH_P_IPV6); skb-pkt_type = PACKET_HOST; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - check source address */ + if (tunnel-dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh; + struct dst_entry *dst; + struct flowi fl; + struct in6_addr *addr6; + struct ipv6hdr *iph6; + + /* from ISATAP router */ + if (iph-saddr == tunnel-parms.i_key) goto accept; + + iph6 = ipv6_hdr(skb); + addr6 = iph6-saddr; + + /* from legitimate previous hop */ + memset(fl, 0, sizeof(fl)); + fl.proto = iph6-nexthdr; + ipv6_addr_copy(fl.fl6_dst, addr6); + fl.oif = tunnel-dev-ifindex; + security_skb_classify_flow(skb, fl); + + if (!(dst = ip6_route_output(NULL, fl)) || + (dst-dev != tunnel-dev) || + ((neigh = dst-neighbour) == NULL)) + goto drop; + + addr6 = (struct in6_addr*)neigh-primary_key; + + if (!(ipv6_addr_is_isatap(addr6)) || + (addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; + dst_release(dst); + kfree_skb(skb); + read_unlock(ipip6_lock); + return 0; + } + dst_release(dst); + } +accept: +#endif tunnel-stat.rx_packets++; tunnel-stat.rx_bytes += skb-len; skb-dev = tunnel-dev; @@ -395,8 +451,6 @@ static int ipip6_rcv(struct sk_buff *skb } icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); - kfree_skb(skb); - read_unlock(ipip6_lock); out: return 0; } @@ -444,6 +498,31 @@ static int ipip6_tunnel_xmit(struct sk_b if (skb-protocol != htons(ETH_P_IPV6)) goto tx_error; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - must come before 6to4 */ + if (dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh = NULL; + + if (skb-dst) + neigh = skb-dst-neighbour; + + if (neigh == NULL) { + if (net_ratelimit()) + printk(KERN_DEBUG sit: nexthop == NULL\n); + goto tx_error; + } + + addr6 = (struct
RE: [PATCH 04/05] ipv6: RFC4214 Support
-Original Message- From: Stephen Hemminger [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 10:45 AM To: Templin, Fred L Cc: YOSHIFUJI Hideaki / 吉藤英明; netdev@vger.kernel.org Subject: Re: [PATCH 04/05] ipv6: RFC4214 Support On Wed, 7 Nov 2007 10:41:49 -0800 Templin, Fred L [EMAIL PROTECTED] wrote: Yoshifuji, -Original Message- From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 10:37 AM To: Templin, Fred L Cc: netdev@vger.kernel.org; [EMAIL PROTECTED] Subject: Re: [PATCH 04/05] ipv6: RFC4214 Support Hello. In article [EMAIL PROTECTED] eing.com (at Tue, 6 Nov 2007 17:16:11 -0800), Templin, Fred L [EMAIL PROTECTED] says: 
@@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; I do not think it is a good idea to change the behavior based on the interface name. The goal was to avoid requiring changes to applications such as 'iproute2', i.e., the intention was for a standalone code insertion point within the kernel itself. What do you suggest? Agreed, magic names are evil. Change iproute2 utilities, if it is more logical for administration. This being an experimental release, I would prefer to go forward with a standalone kernel solution for the first iteration then come back with the iproute2 changes at a later time. IMHO, we should only touch iproute2 once, and it should be an architected solution - not just a quick hack. For the short term, timeliness of interoperability testing with the other major OS's should be the highest priority, IMHO. Other opinions? Fred [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 04/05] ipv6: RFC4214 Support
On Wed, 7 Nov 2007 10:41:49 -0800 Templin, Fred L [EMAIL PROTECTED] wrote: Yoshifuji, -Original Message- From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 10:37 AM To: Templin, Fred L Cc: netdev@vger.kernel.org; [EMAIL PROTECTED] Subject: Re: [PATCH 04/05] ipv6: RFC4214 Support Hello. In article [EMAIL PROTECTED] eing.com (at Tue, 6 Nov 2007 17:16:11 -0800), Templin, Fred L [EMAIL PROTECTED] says: @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; I do not think it is a good idea to change the behavior based on the interface name. The goal was to avoid requiring changes to applications such as 'iproute2', i.e., the intention was for a standalone code insertion point within the kernel itself. What do you suggest? Agreed, magic names are evil. Change iproute2 utilities, if it is more logical for administration. -- Stephen Hemminger [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 04/05] ipv6: RFC4214 Support
Hello. In article [EMAIL PROTECTED] (at Tue, 6 Nov 2007 17:16:11 -0800), Templin, Fred L [EMAIL PROTECTED] says: @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; I do not think it is a good idea to change the behavior based on the interface name. @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (!strncmp(dev-name, isatap, 6)) + dev-priv_flags |= IFF_ISATAP; +#endif + ditto. + if (!(ipv6_addr_is_isatap(addr6)) || + (addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; you can unlock here. + dst_release(dst); + kfree_skb(skb); + read_unlock(ipip6_lock); + return 0; + } + dst_release(dst); + } +accept: +#endif --yoshfuji - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH 04/05] ipv6: RFC4214 Support
Yoshifuji, -Original Message- From: YOSHIFUJI Hideaki / 吉藤英明 [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 10:37 AM To: Templin, Fred L Cc: netdev@vger.kernel.org; [EMAIL PROTECTED] Subject: Re: [PATCH 04/05] ipv6: RFC4214 Support Hello. In article [EMAIL PROTECTED] eing.com (at Tue, 6 Nov 2007 17:16:11 -0800), Templin, Fred L [EMAIL PROTECTED] says: @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; I do not think it is a good idea to change the behavior based on the interface name. The goal was to avoid requiring changes to applications such as 'iproute2', i.e., the intention was for a standalone code insertion point within the kernel itself. What do you suggest? @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (!strncmp(dev-name, isatap, 6)) + dev-priv_flags |= IFF_ISATAP; +#endif + ditto. Same as above, but note that the name check is confined to these two places. + if (!(ipv6_addr_is_isatap(addr6)) || + (addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; you can unlock here. OK; will fix. Fred [EMAIL PROTECTED] + dst_release(dst); + kfree_skb(skb); + read_unlock(ipip6_lock); + return 0; + } + dst_release(dst); + } +accept: +#endif --yoshfuji - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 04/05] ipv6: RFC4214 Support
From: Fred L. Templin [EMAIL PROTECTED] This is experimental support for the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) per RFC4214. It uses the SIT module, and is configured using the unmodified ip utility with device names beginning with: isatap. The following diffs are specific to the Linux 2.6.23 kernel distribution. Signed-off-by: Fred L. Templin [EMAIL PROTECTED] --- --- linux-2.6.23/net/ipv6/sit.c.orig2007-10-09 13:31:38.0 -0700 +++ linux-2.6.23/net/ipv6/sit.c 2007-11-06 15:32:27.0 -0800 @@ -16,6 +16,7 @@ * Changes: * Roger Venning [EMAIL PROTECTED]: 6to4 support * Nate Thompson [EMAIL PROTECTED]: 6to4 support + * Fred L. Templin [EMAIL PROTECTED]:isatap support */ #include linux/module.h @@ -154,6 +155,14 @@ static struct ip_tunnel * ipip6_tunnel_l struct net_device *dev; char name[IFNAMSIZ]; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - router address in daddr */ + if (!strncmp(parms-name, isatap, 6)) { + parms-i_key = parms-iph.daddr; + parms-iph.daddr = remote = 0; + } +#endif + for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = t-next) { if (local == t-parms.iph.saddr remote == t-parms.iph.daddr) return t; @@ -182,6 +191,11 @@ static struct ip_tunnel * ipip6_tunnel_l dev-init = ipip6_tunnel_init; nt-parms = *parms; +#if defined(CONFIG_IPV6_ISATAP) + if (!strncmp(dev-name, isatap, 6)) + dev-priv_flags |= IFF_ISATAP; +#endif + if (register_netdevice(dev) 0) { free_netdev(dev); goto failed; 
@@ -382,6 +396,48 @@ static int ipip6_rcv(struct sk_buff *skb IPCB(skb)-flags = 0; skb-protocol = htons(ETH_P_IPV6); skb-pkt_type = PACKET_HOST; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - check source address */ + if (tunnel-dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh; + struct dst_entry *dst; + struct flowi fl; + struct in6_addr *addr6; + struct ipv6hdr *iph6; + + /* from ISATAP router */ + if (iph-saddr == tunnel-parms.i_key) goto accept; + + iph6 = ipv6_hdr(skb); + addr6 = iph6-saddr; + + /* from legitimate previous hop */ + memset(fl, 0, sizeof(fl)); + fl.proto = iph6-nexthdr; + ipv6_addr_copy(fl.fl6_dst, addr6); + fl.oif = tunnel-dev-ifindex; + security_skb_classify_flow(skb, fl); + + if (!(dst = ip6_route_output(NULL, fl)) || +(dst-dev != tunnel-dev) || +((neigh = dst-neighbour) == NULL)) + goto drop; + + addr6 = (struct in6_addr*)neigh-primary_key; + + if (!(ipv6_addr_is_isatap(addr6)) || + (addr6-s6_addr32[3] != iph-saddr)) { +drop: + tunnel-stat.rx_errors++; + dst_release(dst); + kfree_skb(skb); + read_unlock(ipip6_lock); + return 0; + } + dst_release(dst); + } +accept: +#endif tunnel-stat.rx_packets++; tunnel-stat.rx_bytes += skb-len; skb-dev = tunnel-dev; @@ -395,8 +451,6 @@ static int ipip6_rcv(struct sk_buff *skb } icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); - kfree_skb(skb); - read_unlock(ipip6_lock); out: return 0; } 
@@ -444,6 +498,31 @@ static int ipip6_tunnel_xmit(struct sk_b if (skb-protocol != htons(ETH_P_IPV6)) goto tx_error; +#if defined(CONFIG_IPV6_ISATAP) + /* ISATAP (RFC4214) - must come before 6to4 */ + if (dev-priv_flags IFF_ISATAP) { + struct neighbour *neigh = NULL; + + if (skb-dst) + neigh = skb-dst-neighbour; + + if (neigh == NULL) { + if (net_ratelimit()) + printk(KERN_DEBUG sit: nexthop == NULL\n); + goto tx_error; + } + + addr6 = (struct in6_addr*)neigh-primary_key; + addr_type = ipv6_addr_type(addr6); + + if ((addr_type IPV6_ADDR_UNICAST) +ipv6_addr_is_isatap(addr6)) + dst = addr6-s6_addr32[3]; + else + goto tx_error; + } +#endif /* CONFIG_IPV6_ISATAP */ + if (!dst) dst = try_6to4(iph6-daddr); - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL