2017-06-20 22:26:14 +00:00
|
|
|
From: Matthias Schiffer <mschiffer@universe-factory.net>
|
2018-07-10 20:57:40 +00:00
|
|
|
Date: Tue, 9 Jan 2018 22:38:19 +0100
|
|
|
|
Subject: generic: vxlan: backport support for VXLAN over link-local IPv6 to 4.9
|
2017-06-20 22:26:14 +00:00
|
|
|
|
2018-07-10 20:57:40 +00:00
|
|
|
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
diff --git a/target/linux/generic/backport-4.9/095-0001-vxlan-improve-validation-of-address-family-configura.patch b/target/linux/generic/backport-4.9/095-0001-vxlan-improve-validation-of-address-family-configura.patch
|
2017-06-20 22:26:14 +00:00
|
|
|
new file mode 100644
|
2018-07-10 20:57:40 +00:00
|
|
|
index 0000000000000000000000000000000000000000..2114562536675cd59450928f591e70d66f8fc7b9
|
2017-06-20 22:26:14 +00:00
|
|
|
--- /dev/null
|
2018-07-10 20:57:40 +00:00
|
|
|
+++ b/target/linux/generic/backport-4.9/095-0001-vxlan-improve-validation-of-address-family-configura.patch
|
|
|
|
@@ -0,0 +1,73 @@
|
|
|
|
+From f45ba82cd83d27b5d44d3dc417e0e480ba0d3703 Mon Sep 17 00:00:00 2001
|
|
|
|
+Message-Id: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
2017-06-20 22:26:14 +00:00
|
|
|
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Date: Mon, 19 Jun 2017 10:03:57 +0200
|
|
|
|
+Subject: [PATCH 1/4] vxlan: improve validation of address family configuration
|
|
|
|
+
|
|
|
|
+Address families of source and destination addresses must match, and
|
|
|
|
+changelink operations can't change the address family.
|
|
|
|
+
|
|
|
|
+In addition, always use the VXLAN_F_IPV6 to check if a VXLAN device uses
|
|
|
|
+IPv4 or IPv6.
|
|
|
|
+
|
|
|
|
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Signed-off-by: David S. Miller <davem@davemloft.net>
|
2018-07-10 20:57:40 +00:00
|
|
|
+[Matthias Schiffer: rebase to v4.9.y]
|
2017-06-20 22:26:14 +00:00
|
|
|
+---
|
|
|
|
+ drivers/net/vxlan.c | 23 +++++++++++++++--------
|
|
|
|
+ 1 file changed, 15 insertions(+), 8 deletions(-)
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
|
|
|
|
+index 983e941bdf29..fbe8da7fa296 100644
|
2017-06-20 22:26:14 +00:00
|
|
|
+--- a/drivers/net/vxlan.c
|
|
|
|
++++ b/drivers/net/vxlan.c
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2867,12 +2867,20 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
|
|
|
+ memcpy(&dst->remote_ip, &conf->remote_ip, sizeof(conf->remote_ip));
|
|
|
|
+
|
|
|
|
+- /* Unless IPv6 is explicitly requested, assume IPv4 */
|
|
|
|
+- if (!dst->remote_ip.sa.sa_family)
|
|
|
|
++ if (!dst->remote_ip.sa.sa_family && !conf->saddr.sa.sa_family) {
|
|
|
|
++ /* Unless IPv6 is explicitly requested, assume IPv4 */
|
|
|
|
+ dst->remote_ip.sa.sa_family = AF_INET;
|
|
|
|
++ conf->saddr.sa.sa_family = AF_INET;
|
|
|
|
++ } else if (!dst->remote_ip.sa.sa_family) {
|
|
|
|
++ dst->remote_ip.sa.sa_family = conf->saddr.sa.sa_family;
|
|
|
|
++ } else if (!conf->saddr.sa.sa_family) {
|
|
|
|
++ conf->saddr.sa.sa_family = dst->remote_ip.sa.sa_family;
|
|
|
|
++ }
|
|
|
|
++
|
|
|
|
++ if (conf->saddr.sa.sa_family != dst->remote_ip.sa.sa_family)
|
|
|
|
++ return -EINVAL;
|
|
|
|
+
|
|
|
|
+- if (dst->remote_ip.sa.sa_family == AF_INET6 ||
|
|
|
|
+- vxlan->cfg.saddr.sa.sa_family == AF_INET6) {
|
|
|
|
++ if (conf->saddr.sa.sa_family == AF_INET6) {
|
|
|
|
+ if (!IS_ENABLED(CONFIG_IPV6))
|
|
|
|
+ return -EPFNOSUPPORT;
|
|
|
|
+ use_ipv6 = true;
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2938,11 +2946,9 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
|
|
|
+ list_for_each_entry(tmp, &vn->vxlan_list, next) {
|
|
|
|
+ if (tmp->cfg.vni == conf->vni &&
|
|
|
|
+- (tmp->default_dst.remote_ip.sa.sa_family == AF_INET6 ||
|
|
|
|
+- tmp->cfg.saddr.sa.sa_family == AF_INET6) == use_ipv6 &&
|
|
|
|
+ tmp->cfg.dst_port == vxlan->cfg.dst_port &&
|
|
|
|
+- (tmp->flags & VXLAN_F_RCV_FLAGS) ==
|
2018-07-10 20:57:40 +00:00
|
|
|
+- (vxlan->flags & VXLAN_F_RCV_FLAGS)) {
|
2017-06-20 22:26:14 +00:00
|
|
|
++ (tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) ==
|
2018-07-10 20:57:40 +00:00
|
|
|
++ (vxlan->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6))) {
|
|
|
|
+ pr_info("duplicate VNI %u\n", be32_to_cpu(conf->vni));
|
|
|
|
+ return -EEXIST;
|
|
|
|
+ }
|
|
|
|
+@@ -2987,6 +2993,7 @@ static int vxlan_newlink(struct net *src_net, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
|
|
|
+ if (data[IFLA_VXLAN_GROUP]) {
|
|
|
|
+ conf.remote_ip.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_GROUP]);
|
|
|
|
++ conf.remote_ip.sa.sa_family = AF_INET;
|
|
|
|
+ } else if (data[IFLA_VXLAN_GROUP6]) {
|
|
|
|
+ if (!IS_ENABLED(CONFIG_IPV6))
|
|
|
|
+ return -EPFNOSUPPORT;
|
2018-07-10 20:57:40 +00:00
|
|
|
+--
|
|
|
|
+2.15.1
|
|
|
|
+
|
|
|
|
diff --git a/target/linux/generic/backport-4.9/095-0002-vxlan-check-valid-combinations-of-address-scopes.patch b/target/linux/generic/backport-4.9/095-0002-vxlan-check-valid-combinations-of-address-scopes.patch
|
2017-06-20 22:26:14 +00:00
|
|
|
new file mode 100644
|
2018-07-10 20:57:40 +00:00
|
|
|
index 0000000000000000000000000000000000000000..b38b9977bca192eafe9a0d9b8c36a120b3a2c590
|
2017-06-20 22:26:14 +00:00
|
|
|
--- /dev/null
|
2018-07-10 20:57:40 +00:00
|
|
|
+++ b/target/linux/generic/backport-4.9/095-0002-vxlan-check-valid-combinations-of-address-scopes.patch
|
|
|
|
@@ -0,0 +1,91 @@
|
|
|
|
+From 0eb4ccfc77e07fb4bfc7b1778a7ecb136b47aba4 Mon Sep 17 00:00:00 2001
|
|
|
|
+Message-Id: <0eb4ccfc77e07fb4bfc7b1778a7ecb136b47aba4.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+In-Reply-To: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+References: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
2017-06-20 22:26:14 +00:00
|
|
|
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Date: Mon, 19 Jun 2017 10:03:58 +0200
|
|
|
|
+Subject: [PATCH 2/4] vxlan: check valid combinations of address scopes
|
|
|
|
+
|
|
|
|
+* Multicast addresses are never valid as local address
|
|
|
|
+* Link-local IPv6 unicast addresses may only be used as remote when the
|
|
|
|
+ local address is link-local as well
|
|
|
|
+* Don't allow link-local IPv6 local/remote addresses without interface
|
|
|
|
+
|
|
|
|
+We also store in the flags field if link-local addresses are used for the
|
|
|
|
+follow-up patches that actually make VXLAN over link-local IPv6 work.
|
|
|
|
+
|
|
|
|
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Signed-off-by: David S. Miller <davem@davemloft.net>
|
2018-07-10 20:57:40 +00:00
|
|
|
+[Matthias Schiffer: rebase to v4.9.y]
|
2017-06-20 22:26:14 +00:00
|
|
|
+---
|
|
|
|
+ drivers/net/vxlan.c | 29 +++++++++++++++++++++++++++++
|
|
|
|
+ include/net/vxlan.h | 1 +
|
|
|
|
+ 2 files changed, 30 insertions(+)
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
|
|
|
|
+index fbe8da7fa296..863d9528b900 100644
|
2017-06-20 22:26:14 +00:00
|
|
|
+--- a/drivers/net/vxlan.c
|
|
|
|
++++ b/drivers/net/vxlan.c
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2880,11 +2880,35 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ if (conf->saddr.sa.sa_family != dst->remote_ip.sa.sa_family)
|
|
|
|
+ return -EINVAL;
|
|
|
|
+
|
|
|
|
++ if (vxlan_addr_multicast(&conf->saddr))
|
|
|
|
++ return -EINVAL;
|
|
|
|
++
|
|
|
|
+ if (conf->saddr.sa.sa_family == AF_INET6) {
|
|
|
|
+ if (!IS_ENABLED(CONFIG_IPV6))
|
|
|
|
+ return -EPFNOSUPPORT;
|
|
|
|
+ use_ipv6 = true;
|
|
|
|
+ vxlan->flags |= VXLAN_F_IPV6;
|
|
|
|
++
|
|
|
|
++ if (!(conf->flags & VXLAN_F_COLLECT_METADATA)) {
|
|
|
|
++ int local_type =
|
|
|
|
++ ipv6_addr_type(&conf->saddr.sin6.sin6_addr);
|
|
|
|
++ int remote_type =
|
|
|
|
++ ipv6_addr_type(&dst->remote_ip.sin6.sin6_addr);
|
|
|
|
++
|
|
|
|
++ if (local_type & IPV6_ADDR_LINKLOCAL) {
|
|
|
|
++ if (!(remote_type & IPV6_ADDR_LINKLOCAL) &&
|
|
|
|
++ (remote_type != IPV6_ADDR_ANY))
|
|
|
|
++ return -EINVAL;
|
|
|
|
++
|
|
|
|
++ vxlan->flags |= VXLAN_F_IPV6_LINKLOCAL;
|
|
|
|
++ } else {
|
|
|
|
++ if (remote_type ==
|
|
|
|
++ (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL))
|
|
|
|
++ return -EINVAL;
|
|
|
|
++
|
|
|
|
++ vxlan->flags &= ~VXLAN_F_IPV6_LINKLOCAL;
|
|
|
|
++ }
|
|
|
|
++ }
|
|
|
|
+ }
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+ if (conf->label && !use_ipv6) {
|
|
|
|
+@@ -2918,6 +2942,11 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
|
|
|
|
+ } else if (vxlan_addr_multicast(&dst->remote_ip)) {
|
|
|
|
+ pr_info("multicast destination requires interface to be specified\n");
|
|
|
|
+ return -EINVAL;
|
2017-06-20 22:26:14 +00:00
|
|
|
++ } else {
|
|
|
|
++#if IS_ENABLED(CONFIG_IPV6)
|
|
|
|
++ if (vxlan->flags & VXLAN_F_IPV6_LINKLOCAL)
|
|
|
|
++ return -EINVAL;
|
|
|
|
++#endif
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (conf->mtu) {
|
2018-07-10 20:57:40 +00:00
|
|
|
+diff --git a/include/net/vxlan.h b/include/net/vxlan.h
|
|
|
|
+index 9fce47e3e13e..c1c0d03e3456 100644
|
2017-06-20 22:26:14 +00:00
|
|
|
+--- a/include/net/vxlan.h
|
|
|
|
++++ b/include/net/vxlan.h
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -267,6 +267,7 @@ struct vxlan_dev {
|
2017-06-20 22:26:14 +00:00
|
|
|
+ #define VXLAN_F_REMCSUM_NOPARTIAL 0x1000
|
|
|
|
+ #define VXLAN_F_COLLECT_METADATA 0x2000
|
2018-07-10 20:57:40 +00:00
|
|
|
+ #define VXLAN_F_GPE 0x4000
|
2017-06-20 22:26:14 +00:00
|
|
|
++#define VXLAN_F_IPV6_LINKLOCAL 0x8000
|
|
|
|
+
|
|
|
|
+ /* Flags that are used in the receive path. These flags must match in
|
|
|
|
+ * order for a socket to be shareable
|
2018-07-10 20:57:40 +00:00
|
|
|
+--
|
|
|
|
+2.15.1
|
|
|
|
+
|
|
|
|
diff --git a/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch b/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
|
2017-06-20 22:26:14 +00:00
|
|
|
new file mode 100644
|
2019-03-09 10:06:15 +00:00
|
|
|
index 0000000000000000000000000000000000000000..89523ac027b227a9f84b1130db06a7fc67ff68ce
|
2017-06-20 22:26:14 +00:00
|
|
|
--- /dev/null
|
2018-07-10 20:57:40 +00:00
|
|
|
+++ b/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
|
2019-03-09 10:06:15 +00:00
|
|
|
@@ -0,0 +1,88 @@
|
2018-07-10 20:57:40 +00:00
|
|
|
+From 010b2b541d958e12d78ba1c79734c700f169610b Mon Sep 17 00:00:00 2001
|
|
|
|
+Message-Id: <010b2b541d958e12d78ba1c79734c700f169610b.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+In-Reply-To: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+References: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
2017-06-20 22:26:14 +00:00
|
|
|
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Date: Mon, 19 Jun 2017 10:03:59 +0200
|
|
|
|
+Subject: [PATCH 3/4] vxlan: fix snooping for link-local IPv6 addresses
|
|
|
|
+
|
|
|
|
+If VXLAN is run over link-local IPv6 addresses, it is necessary to store
|
|
|
|
+the ifindex in the FDB entries. Otherwise, the used interface is undefined
|
|
|
|
+and unicast communication will most likely fail.
|
|
|
|
+
|
|
|
|
+Support for link-local IPv4 addresses should be possible as well, but as
|
|
|
|
+the semantics aren't as well defined as for IPv6, and there doesn't seem to
|
|
|
|
+be much interest in having the support, it's not implemented for now.
|
|
|
|
+
|
|
|
|
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Signed-off-by: David S. Miller <davem@davemloft.net>
|
2018-07-10 20:57:40 +00:00
|
|
|
+[Matthias Schiffer: rebase to v4.9.y]
|
2017-06-20 22:26:14 +00:00
|
|
|
+---
|
|
|
|
+ drivers/net/vxlan.c | 20 +++++++++++++++-----
|
|
|
|
+ 1 file changed, 15 insertions(+), 5 deletions(-)
|
|
|
|
+
|
|
|
|
+--- a/drivers/net/vxlan.c
|
|
|
|
++++ b/drivers/net/vxlan.c
|
2019-03-09 10:06:15 +00:00
|
|
|
+@@ -917,16 +917,25 @@ out:
|
2017-06-20 22:26:14 +00:00
|
|
|
+ * Return true if packet is bogus and should be dropped.
|
|
|
|
+ */
|
|
|
|
+ static bool vxlan_snoop(struct net_device *dev,
|
|
|
|
+- union vxlan_addr *src_ip, const u8 *src_mac)
|
|
|
|
++ union vxlan_addr *src_ip, const u8 *src_mac,
|
|
|
|
++ u32 src_ifindex)
|
|
|
|
+ {
|
|
|
|
+ struct vxlan_dev *vxlan = netdev_priv(dev);
|
|
|
|
+ struct vxlan_fdb *f;
|
|
|
|
++ u32 ifindex = 0;
|
|
|
|
++
|
|
|
|
++#if IS_ENABLED(CONFIG_IPV6)
|
|
|
|
++ if (src_ip->sa.sa_family == AF_INET6 &&
|
|
|
|
++ (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL))
|
|
|
|
++ ifindex = src_ifindex;
|
|
|
|
++#endif
|
|
|
|
+
|
|
|
|
+ f = vxlan_find_mac(vxlan, src_mac);
|
|
|
|
+ if (likely(f)) {
|
|
|
|
+ struct vxlan_rdst *rdst = first_remote_rcu(f);
|
|
|
|
+
|
|
|
|
+- if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip)))
|
|
|
|
++ if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip) &&
|
|
|
|
++ rdst->remote_ifindex == ifindex))
|
|
|
|
+ return false;
|
|
|
|
+
|
|
|
|
+ /* Don't migrate static entries, drop packets */
|
2019-03-09 10:06:15 +00:00
|
|
|
+@@ -952,7 +961,7 @@ static bool vxlan_snoop(struct net_devic
|
2017-06-20 22:26:14 +00:00
|
|
|
+ NLM_F_EXCL|NLM_F_CREATE,
|
|
|
|
+ vxlan->cfg.dst_port,
|
|
|
|
+ vxlan->default_dst.remote_vni,
|
|
|
|
+- 0, NTF_SELF);
|
|
|
|
++ ifindex, NTF_SELF);
|
|
|
|
+ spin_unlock(&vxlan->hash_lock);
|
|
|
|
+ }
|
|
|
|
+
|
2019-03-09 10:06:15 +00:00
|
|
|
+@@ -1223,6 +1232,7 @@ static bool vxlan_set_mac(struct vxlan_d
|
2018-07-10 20:57:40 +00:00
|
|
|
+ struct sk_buff *skb)
|
|
|
|
+ {
|
2017-06-20 22:26:14 +00:00
|
|
|
+ union vxlan_addr saddr;
|
|
|
|
++ u32 ifindex = skb->dev->ifindex;
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+ skb_reset_mac_header(skb);
|
|
|
|
+ skb->protocol = eth_type_trans(skb, vxlan->dev);
|
2019-03-09 10:06:15 +00:00
|
|
|
+@@ -1244,7 +1254,7 @@ static bool vxlan_set_mac(struct vxlan_d
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if ((vxlan->flags & VXLAN_F_LEARN) &&
|
|
|
|
+- vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source))
|
|
|
|
++ vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source, ifindex))
|
2018-07-10 20:57:40 +00:00
|
|
|
+ return false;
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+ return true;
|
2019-03-09 10:06:15 +00:00
|
|
|
+@@ -1939,7 +1949,7 @@ static void vxlan_encap_bypass(struct sk
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (dst_vxlan->flags & VXLAN_F_LEARN)
|
2019-03-09 10:06:15 +00:00
|
|
|
+- vxlan_snoop(dev, &loopback, eth_hdr(skb)->h_source);
|
|
|
|
++ vxlan_snoop(dev, &loopback, eth_hdr(skb)->h_source, 0);
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
|
|
|
+ u64_stats_update_begin(&tx_stats->syncp);
|
|
|
|
+ tx_stats->tx_packets++;
|
2018-07-10 20:57:40 +00:00
|
|
|
diff --git a/target/linux/generic/backport-4.9/095-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch b/target/linux/generic/backport-4.9/095-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch
|
2017-06-20 22:26:14 +00:00
|
|
|
new file mode 100644
|
2018-07-10 20:57:40 +00:00
|
|
|
index 0000000000000000000000000000000000000000..18ae230a3b04d2b57184109fa14f9533f0fb7192
|
2017-06-20 22:26:14 +00:00
|
|
|
--- /dev/null
|
2018-07-10 20:57:40 +00:00
|
|
|
+++ b/target/linux/generic/backport-4.9/095-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch
|
|
|
|
@@ -0,0 +1,182 @@
|
|
|
|
+From 95583c75a95449dade713e1dad4ed0a8dcc1b391 Mon Sep 17 00:00:00 2001
|
|
|
|
+Message-Id: <95583c75a95449dade713e1dad4ed0a8dcc1b391.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+In-Reply-To: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
|
|
|
+References: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
|
2017-06-20 22:26:14 +00:00
|
|
|
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Date: Mon, 19 Jun 2017 10:04:00 +0200
|
|
|
|
+Subject: [PATCH 4/4] vxlan: allow multiple VXLANs with same VNI for IPv6
|
|
|
|
+ link-local addresses
|
|
|
|
+
|
|
|
|
+As link-local addresses are only valid for a single interface, we can allow
|
|
|
|
+to use the same VNI for multiple independent VXLANs, as long as the used
|
|
|
|
+interfaces are distinct. This way, VXLANs can always be used as a drop-in
|
|
|
|
+replacement for VLANs with greater ID space.
|
|
|
|
+
|
|
|
|
+This also extends VNI lookup to respect the ifindex when link-local IPv6
|
|
|
|
+addresses are used, so using the same VNI on multiple interfaces can
|
|
|
|
+actually work.
|
|
|
|
+
|
|
|
|
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
+Signed-off-by: David S. Miller <davem@davemloft.net>
|
2018-07-10 20:57:40 +00:00
|
|
|
+[Matthias Schiffer: rebase to v4.9.y]
|
2017-06-20 22:26:14 +00:00
|
|
|
+---
|
2018-07-10 20:57:40 +00:00
|
|
|
+ drivers/net/vxlan.c | 60 ++++++++++++++++++++++++++++++++++++-----------------
|
|
|
|
+ 1 file changed, 41 insertions(+), 19 deletions(-)
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
|
|
|
|
+index c28c6f34b3b3..9208e3d9ec43 100644
|
2017-06-20 22:26:14 +00:00
|
|
|
+--- a/drivers/net/vxlan.c
|
|
|
|
++++ b/drivers/net/vxlan.c
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -225,7 +225,8 @@ static struct vxlan_sock *vxlan_find_sock(struct net *net, sa_family_t family,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+-static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, __be32 vni)
|
2017-06-20 22:26:14 +00:00
|
|
|
++static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, int ifindex,
|
2018-07-10 20:57:40 +00:00
|
|
|
++ __be32 vni)
|
2017-06-20 22:26:14 +00:00
|
|
|
+ {
|
2018-07-10 20:57:40 +00:00
|
|
|
+ struct vxlan_dev_node *node;
|
|
|
|
+
|
|
|
|
+@@ -234,17 +235,27 @@ static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, __be32 vni)
|
|
|
|
+ vni = 0;
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+ hlist_for_each_entry_rcu(node, vni_head(vs, vni), hlist) {
|
|
|
|
+- if (node->vxlan->default_dst.remote_vni == vni)
|
|
|
|
+- return node->vxlan;
|
|
|
|
++ if (node->vxlan->default_dst.remote_vni != vni)
|
2017-06-20 22:26:14 +00:00
|
|
|
++ continue;
|
|
|
|
++
|
|
|
|
++ if (IS_ENABLED(CONFIG_IPV6)) {
|
2018-07-10 20:57:40 +00:00
|
|
|
++ const struct vxlan_config *cfg = &node->vxlan->cfg;
|
2017-06-20 22:26:14 +00:00
|
|
|
++
|
2018-07-10 20:57:40 +00:00
|
|
|
++ if ((node->vxlan->flags & VXLAN_F_IPV6_LINKLOCAL) &&
|
2017-06-20 22:26:14 +00:00
|
|
|
++ cfg->remote_ifindex != ifindex)
|
|
|
|
++ continue;
|
|
|
|
++ }
|
|
|
|
++
|
2018-07-10 20:57:40 +00:00
|
|
|
++ return node->vxlan;
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Look up VNI in a per net namespace table */
|
2018-07-10 20:57:40 +00:00
|
|
|
+-static struct vxlan_dev *vxlan_find_vni(struct net *net, __be32 vni,
|
2017-06-20 22:26:14 +00:00
|
|
|
+- sa_family_t family, __be16 port,
|
|
|
|
+- u32 flags)
|
|
|
|
++static struct vxlan_dev *vxlan_find_vni(struct net *net, int ifindex,
|
2018-07-10 20:57:40 +00:00
|
|
|
++ __be32 vni, sa_family_t family,
|
2017-06-20 22:26:14 +00:00
|
|
|
++ __be16 port, u32 flags)
|
|
|
|
+ {
|
|
|
|
+ struct vxlan_sock *vs;
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -252,7 +263,7 @@ static struct vxlan_dev *vxlan_find_vni(struct net *net, __be32 vni,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ if (!vs)
|
|
|
|
+ return NULL;
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+- return vxlan_vs_find_vni(vs, vni);
|
|
|
|
++ return vxlan_vs_find_vni(vs, ifindex, vni);
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Fill in neighbour message in skbuff. */
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -1317,7 +1328,8 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
|
|
|
|
+ if (!vs)
|
|
|
|
+ goto drop;
|
2017-06-20 22:26:14 +00:00
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+- vxlan = vxlan_vs_find_vni(vs, vxlan_vni(vxlan_hdr(skb)->vx_vni));
|
|
|
|
++ vxlan = vxlan_vs_find_vni(vs, skb->dev->ifindex,
|
|
|
|
++ vxlan_vni(vxlan_hdr(skb)->vx_vni));
|
2017-06-20 22:26:14 +00:00
|
|
|
+ if (!vxlan)
|
|
|
|
+ goto drop;
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -1976,6 +1988,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
|
|
|
+ __be32 vni, label;
|
2017-06-20 22:26:14 +00:00
|
|
|
+ __be16 df = 0;
|
|
|
|
+ __u8 tos, ttl;
|
|
|
|
++ int ifindex;
|
|
|
|
+ int err;
|
|
|
|
+ u32 flags = vxlan->flags;
|
2018-07-10 20:57:40 +00:00
|
|
|
+ bool udp_sum = false;
|
|
|
|
+@@ -1987,6 +2000,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ if (rdst) {
|
|
|
|
+ dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
|
|
|
|
+ vni = rdst->remote_vni;
|
|
|
|
++ ifindex = rdst->remote_ifindex;
|
|
|
|
+ dst = &rdst->remote_ip;
|
2018-07-10 20:57:40 +00:00
|
|
|
+ local_ip = vxlan->cfg.saddr;
|
|
|
|
+ dst_cache = &rdst->dst_cache;
|
|
|
|
+@@ -1998,6 +2012,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+ dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
|
2018-07-10 20:57:40 +00:00
|
|
|
+ vni = tunnel_id_to_key32(info->key.tun_id);
|
2017-06-20 22:26:14 +00:00
|
|
|
++ ifindex = 0;
|
|
|
|
+ remote_ip.sa.sa_family = ip_tunnel_info_af(info);
|
2018-07-10 20:57:40 +00:00
|
|
|
+ if (remote_ip.sa.sa_family == AF_INET) {
|
2017-06-20 22:26:14 +00:00
|
|
|
+ remote_ip.sin.sin_addr.s_addr = info->key.u.ipv4.dst;
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2053,7 +2068,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
|
|
|
+ sk = sock4->sock->sk;
|
|
|
|
+
|
|
|
|
+ rt = vxlan_get_route(vxlan, skb,
|
|
|
|
+- rdst ? rdst->remote_ifindex : 0, tos,
|
|
|
|
++ ifindex, tos,
|
|
|
|
+ dst->sin.sin_addr.s_addr,
|
|
|
|
+ &local_ip.sin.sin_addr.s_addr,
|
|
|
|
+ dst_cache, info);
|
|
|
|
+@@ -2077,7 +2092,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ struct vxlan_dev *dst_vxlan;
|
|
|
|
+
|
|
|
|
+ ip_rt_put(rt);
|
|
|
|
+- dst_vxlan = vxlan_find_vni(vxlan->net, vni,
|
|
|
|
++ dst_vxlan = vxlan_find_vni(vxlan->net, ifindex, vni,
|
|
|
|
+ dst->sa.sa_family, dst_port,
|
|
|
|
+ vxlan->flags);
|
|
|
|
+ if (!dst_vxlan)
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2112,7 +2127,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
|
|
|
+ sk = sock6->sock->sk;
|
|
|
|
+
|
|
|
|
+ ndst = vxlan6_get_route(vxlan, skb,
|
|
|
|
+- rdst ? rdst->remote_ifindex : 0, tos,
|
|
|
|
++ ifindex, tos,
|
|
|
|
+ label, &dst->sin6.sin6_addr,
|
|
|
|
+ &local_ip.sin6.sin6_addr,
|
|
|
|
+ dst_cache, info);
|
|
|
|
+@@ -2138,7 +2153,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ struct vxlan_dev *dst_vxlan;
|
|
|
|
+
|
|
|
|
+ dst_release(ndst);
|
|
|
|
+- dst_vxlan = vxlan_find_vni(vxlan->net, vni,
|
|
|
|
++ dst_vxlan = vxlan_find_vni(vxlan->net, ifindex, vni,
|
|
|
|
+ dst->sa.sa_family, dst_port,
|
|
|
|
+ vxlan->flags);
|
|
|
|
+ if (!dst_vxlan)
|
2018-07-10 20:57:40 +00:00
|
|
|
+@@ -2984,13 +2999,20 @@ static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
|
2017-06-20 22:26:14 +00:00
|
|
|
+ vxlan->cfg.age_interval = FDB_AGE_DEFAULT;
|
|
|
|
+
|
|
|
|
+ list_for_each_entry(tmp, &vn->vxlan_list, next) {
|
|
|
|
+- if (tmp->cfg.vni == conf->vni &&
|
|
|
|
+- tmp->cfg.dst_port == vxlan->cfg.dst_port &&
|
|
|
|
+- (tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) ==
|
2018-07-10 20:57:40 +00:00
|
|
|
+- (vxlan->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6))) {
|
|
|
|
+- pr_info("duplicate VNI %u\n", be32_to_cpu(conf->vni));
|
|
|
|
+- return -EEXIST;
|
|
|
|
+- }
|
2017-06-20 22:26:14 +00:00
|
|
|
++ if (tmp->cfg.vni != conf->vni)
|
|
|
|
++ continue;
|
|
|
|
++ if (tmp->cfg.dst_port != vxlan->cfg.dst_port)
|
|
|
|
++ continue;
|
|
|
|
++ if ((tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) !=
|
2018-07-10 20:57:40 +00:00
|
|
|
++ (vxlan->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)))
|
2017-06-20 22:26:14 +00:00
|
|
|
++ continue;
|
|
|
|
++
|
|
|
|
++ if ((vxlan->flags & VXLAN_F_IPV6_LINKLOCAL) &&
|
|
|
|
++ tmp->cfg.remote_ifindex != vxlan->cfg.remote_ifindex)
|
|
|
|
++ continue;
|
|
|
|
++
|
2018-07-10 20:57:40 +00:00
|
|
|
++ pr_info("duplicate VNI %u\n", be32_to_cpu(conf->vni));
|
|
|
|
++ return -EEXIST;
|
2017-06-20 22:26:14 +00:00
|
|
|
+ }
|
|
|
|
+
|
2018-07-10 20:57:40 +00:00
|
|
|
+ dev->ethtool_ops = &vxlan_ethtool_ops;
|
|
|
|
+--
|
|
|
|
+2.15.1
|
|
|
|
+
|