Patch Detail
GET /api/patches/851556/?format=api
{ "id": 851556, "url": "http://patchwork.ozlabs.org/api/patches/851556/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20171220170607.41516-7-lorenzo@google.com/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20171220170607.41516-7-lorenzo@google.com>", "list_archive_url": null, "date": "2017-12-20T17:06:06", "name": "[ipsec-next,6/7] net: xfrm: Allow userspace to configure keyed VTI tunnels.", "commit_ref": null, "pull_url": null, "state": "awaiting-upstream", "archived": true, "hash": "8f4b4501b66c951acdbce4acc697cf59ddb6974f", "submitter": { "id": 3403, "url": "http://patchwork.ozlabs.org/api/people/3403/?format=api", "name": "Lorenzo Colitti", "email": "lorenzo@google.com" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20171220170607.41516-7-lorenzo@google.com/mbox/", "series": [ { "id": 19695, "url": "http://patchwork.ozlabs.org/api/series/19695/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=19695", "date": "2017-12-20T17:06:00", "name": ": Support multiple VTIs with the same src+dst pair", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/19695/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/851556/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/851556/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": 
"patchwork-incoming@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=google.com header.i=@google.com\n\theader.b=\"fIe2yuLz\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3z21Qn2N1Gz9s83\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 21 Dec 2017 04:06:57 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1755759AbdLTRGy (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 20 Dec 2017 12:06:54 -0500", "from mail-pf0-f193.google.com ([209.85.192.193]:36837 \"EHLO\n\tmail-pf0-f193.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1755698AbdLTRGk (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Wed, 20 Dec 2017 12:06:40 -0500", "by mail-pf0-f193.google.com with SMTP id p84so12815857pfd.3\n\tfor <netdev@vger.kernel.org>; Wed, 20 Dec 2017 09:06:40 -0800 (PST)", "from lorenzo.tok.corp.google.com ([100.103.3.232])\n\tby smtp.gmail.com with ESMTPSA id\n\tt62sm29103067pgt.23.2017.12.20.09.06.36\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tWed, 20 Dec 2017 09:06:38 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=google.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=GHsIO1OXZMa+Iq5ufSp0RT+Zh8x7bH7aaEyCZHvh4po=;\n\tb=fIe2yuLzcV7sASlupzI6GEU1LdGKGkajVJzKnFwqC5npC5EjamVDH0tgc+gTgDN0rm\n\t+gRe4KdwmV9OimW9RaKr7FjrAH5ffckRxV9xHC7Jfg+QM+2IbKp9z8t4NOaiy5JiiVvW\n\tHFeafo1do/0PtXjrLXTFzJjNjDIW0IH+Z5gd+DMhhiRIah6yBH3tHGaGda0AZ+X8hQJM\n\tQGMqapwkAOslIAJIXA9LYB4iC2CPyudLLXFPq88BtG6WfhaJ862Bd8qd2IF4EJ0KpKjB\n\t+SVG9pnCOtejgpidQVzgBwsTYAA8qEpj5Dqu/uVyosLLtZdQFp044K09mPB6Ho2I0j1K\n\tkDhg==", "X-Google-DKIM-Signature": 
"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=GHsIO1OXZMa+Iq5ufSp0RT+Zh8x7bH7aaEyCZHvh4po=;\n\tb=RPQedeJWpYTGyQGNxe/safEULraOCrOJQbMS0AQpBunkjJJBhjc2N/cFKecOTq26fq\n\tj0e9ScVBDHkwgGd3bamZBSxK1gLe0b+et0zHgo2Iyn7mhkJuQ9Ry/0v02yEDGy2gKb8K\n\tYz/p1ngQOGO49m+4/xs/lRy12HQyEdK9OZxJA9sZotwCYJgKu7XDQKRKITbM96XsZhlc\n\tsf4k/pvdZmQfwss4HOX0Z1DBIwbhssXnBzUiQOignIXnXnhUNZAdWrtbbfz45I0qYfiW\n\tG8pd8wMsr2k8bDegqqGfh+PlfoqBneM4vMZM+8bxsv76uf7hiukZfULW4DHLtMfkFGu6\n\tBt2w==", "X-Gm-Message-State": "AKGB3mLqJTz10Qj7BjEQNf1vBO2D4YnTLjSJ6k/x5MYeMAfAqdIyYpRf\n\tEaT9+h4PdzXnq/H8Ojo7ssnYJksIwX4=", "X-Google-Smtp-Source": "ACJfBoui5prNM6JJJbSzClvkkrak9NlGdP+g7BraoZ4ZvmXeHnSrGRiqqm/tloakUw3F2g4kjI5rsw==", "X-Received": "by 10.99.49.215 with SMTP id x206mr6874099pgx.372.1513789598839; \n\tWed, 20 Dec 2017 09:06:38 -0800 (PST)", "From": "Lorenzo Colitti <lorenzo@google.com>", "To": "netdev@vger.kernel.org", "Cc": "steffen.klassert@secunet.com, subashab@codeaurora.org,\n\tnharold@google.com, davem@davemloft.net,\n\tLorenzo Colitti <lorenzo@google.com>", "Subject": "[PATCH ipsec-next 6/7] net: xfrm: Allow userspace to configure\n\tkeyed VTI tunnels.", "Date": "Thu, 21 Dec 2017 02:06:06 +0900", "Message-Id": "<20171220170607.41516-7-lorenzo@google.com>", "X-Mailer": "git-send-email 2.15.1.620.gb9897f4670-goog", "In-Reply-To": "<20171220170607.41516-1-lorenzo@google.com>", "References": "<20171220170607.41516-1-lorenzo@google.com>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "This commit allows userspace to configure keyed VTI tunnels by\nadding a IFLA_VTI_FLAGS attribute and a VTI_KEYED flag. When set,\nthe flag causes the tunnel parameter i_flags to be set to\nTUNNEL_KEY.\n\nCreating both a non-keyed VTI and a keyed VTI on the same IP\nsrc+dst pair is not useful. 
Because non-keyed VTIs always accept\npackets, in such a configuration the keyed VTI would not receive\nany traffic. This is disallowed by modifying the ip_tunnel_find\nand vti6_locate functions to treat VTIs on the same src+dst pair\nas identical unless they are both keyed (in which case they can\ncoexist, by design). So attempts to create such duplicate tunnels\n- or to change one tunnel in such a way that it would duplicate\nanother - will fail with EEXIST.\n\nSigned-off-by: Lorenzo Colitti <lorenzo@google.com>\n---\n include/uapi/linux/if_tunnel.h | 4 ++++\n net/ipv4/ip_tunnel.c | 10 +++++++++-\n net/ipv4/ip_vti.c | 26 +++++++++++++++++++++++---\n net/ipv6/ip6_vti.c | 33 +++++++++++++++++++++++++++++++--\n 4 files changed, 67 insertions(+), 6 deletions(-)", "diff": "diff --git a/include/uapi/linux/if_tunnel.h b/include/uapi/linux/if_tunnel.h\nindex 1b3d148c45..b431b1c209 100644\n--- a/include/uapi/linux/if_tunnel.h\n+++ b/include/uapi/linux/if_tunnel.h\n@@ -148,6 +148,9 @@ enum {\n /* VTI-mode i_flags */\n #define VTI_ISVTI ((__force __be16)0x0001)\n \n+/* VTI netlink iflags. 
*/\n+#define VTI_KEYED 0x0001\n+\n enum {\n \tIFLA_VTI_UNSPEC,\n \tIFLA_VTI_LINK,\n@@ -156,6 +159,7 @@ enum {\n \tIFLA_VTI_LOCAL,\n \tIFLA_VTI_REMOTE,\n \tIFLA_VTI_FWMARK,\n+\tIFLA_VTI_FLAGS,\n \t__IFLA_VTI_MAX,\n };\n \ndiff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c\nindex f45968bb81..9a0a56b491 100644\n--- a/net/ipv4/ip_tunnel.c\n+++ b/net/ipv4/ip_tunnel.c\n@@ -84,6 +84,14 @@ static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p,\n \t\treturn !(flags & TUNNEL_KEY);\n }\n \n+static bool ip_tunnel_match(const struct ip_tunnel_parm *p,\n+\t\t\t __be32 flags, u8 lookup_flags, __be32 key)\n+{\n+\treturn ip_tunnel_key_match(p, flags, lookup_flags, key) ||\n+\t ((p->i_flags & flags & VTI_ISVTI) &&\n+\t\t!(p->i_flags & flags & TUNNEL_KEY));\n+}\n+\n /* Fallback tunnel: no source, no destination, no key, no options\n \n Tunnel hash table:\n@@ -242,7 +250,7 @@ static struct ip_tunnel *ip_tunnel_find(struct ip_tunnel_net *itn,\n \t\t remote == t->parms.iph.daddr &&\n \t\t link == t->parms.link &&\n \t\t type == t->dev->type &&\n-\t\t ip_tunnel_key_match(&t->parms, flags, 0, key))\n+\t\t ip_tunnel_match(&t->parms, flags, 0, key))\n \t\t\tbreak;\n \t}\n \treturn t;\ndiff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c\nindex 9d28433a60..1f52719228 100644\n--- a/net/ipv4/ip_vti.c\n+++ b/net/ipv4/ip_vti.c\n@@ -385,6 +385,16 @@ static int vti4_err(struct sk_buff *skb, u32 info)\n \treturn tunnel ? 0 : -1;\n }\n \n+static __be16 vti_flags_to_tnl_flags(__u16 flags)\n+{\n+\treturn VTI_ISVTI | ((flags & VTI_KEYED) ? TUNNEL_KEY : 0);\n+}\n+\n+static __u16 tnl_flags_to_vti_flags(__be16 i_flags)\n+{\n+\treturn (i_flags & TUNNEL_KEY) ? 
VTI_KEYED : 0;\n+}\n+\n static int\n vti_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)\n {\n@@ -525,6 +535,8 @@ static void vti_netlink_parms(struct nlattr *data[],\n \t\t\t struct ip_tunnel_parm *parms,\n \t\t\t __u32 *fwmark)\n {\n+\t__u16 flags = 0;\n+\n \tmemset(parms, 0, sizeof(*parms));\n \n \tparms->iph.protocol = IPPROTO_IPIP;\n@@ -532,8 +544,6 @@ static void vti_netlink_parms(struct nlattr *data[],\n \tif (!data)\n \t\treturn;\n \n-\tparms->i_flags = VTI_ISVTI;\n-\n \tif (data[IFLA_VTI_LINK])\n \t\tparms->link = nla_get_u32(data[IFLA_VTI_LINK]);\n \n@@ -551,6 +561,11 @@ static void vti_netlink_parms(struct nlattr *data[],\n \n \tif (data[IFLA_VTI_FWMARK])\n \t\t*fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);\n+\n+\tif (data[IFLA_VTI_FLAGS])\n+\t\tflags = nla_get_u16(data[IFLA_VTI_FLAGS]);\n+\n+\tparms->i_flags = vti_flags_to_tnl_flags(flags);\n }\n \n static int vti_newlink(struct net *src_net, struct net_device *dev,\n@@ -591,6 +606,8 @@ static size_t vti_get_size(const struct net_device *dev)\n \t\tnla_total_size(4) +\n \t\t/* IFLA_VTI_FWMARK */\n \t\tnla_total_size(4) +\n+\t\t/* IFLA_VTI_FLAGS */\n+\t\tnla_total_size(2) +\n \t\t0;\n }\n \n@@ -604,7 +621,9 @@ static int vti_fill_info(struct sk_buff *skb, const struct net_device *dev)\n \t nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key) ||\n \t nla_put_in_addr(skb, IFLA_VTI_LOCAL, p->iph.saddr) ||\n \t nla_put_in_addr(skb, IFLA_VTI_REMOTE, p->iph.daddr) ||\n-\t nla_put_u32(skb, IFLA_VTI_FWMARK, t->fwmark))\n+\t nla_put_u32(skb, IFLA_VTI_FWMARK, t->fwmark) ||\n+\t nla_put_u16(skb, IFLA_VTI_FLAGS,\n+\t\t\ttnl_flags_to_vti_flags(p->i_flags)))\n \t\treturn -EMSGSIZE;\n \n \treturn 0;\n@@ -617,6 +636,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {\n \t[IFLA_VTI_LOCAL]\t= { .len = FIELD_SIZEOF(struct iphdr, saddr) },\n \t[IFLA_VTI_REMOTE]\t= { .len = FIELD_SIZEOF(struct iphdr, daddr) },\n \t[IFLA_VTI_FWMARK]\t= { .type = NLA_U32 },\n+\t[IFLA_VTI_FLAGS]\t= { .type = NLA_U16 },\n 
};\n \n static struct rtnl_link_ops vti_link_ops __read_mostly = {\ndiff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c\nindex bf64821b8a..18c2695dc3 100644\n--- a/net/ipv6/ip6_vti.c\n+++ b/net/ipv6/ip6_vti.c\n@@ -86,6 +86,13 @@ static bool vti6_match_key(const struct ip6_tnl *t, __be32 key, bool in)\n \treturn !(flags & TUNNEL_KEY) || tunnel_key == key;\n }\n \n+static bool vti6_match_tunnel(const struct ip6_tnl *t, struct __ip6_tnl_parm *p)\n+{\n+\treturn !(t->parms.i_flags & TUNNEL_KEY) ||\n+\t !(p->i_flags & TUNNEL_KEY) ||\n+\t vti6_match_key(t, p->i_key, true);\n+}\n+\n /**\n * vti6_tnl_lookup - fetch tunnel matching the end-point addresses and key\n * @net: network namespace\n@@ -280,7 +287,7 @@ static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,\n \t tp = &t->next) {\n \t\tif (ipv6_addr_equal(local, &t->parms.laddr) &&\n \t\t ipv6_addr_equal(remote, &t->parms.raddr) &&\n-\t\t vti6_match_key(t, p->i_key, true)) {\n+\t\t vti6_match_tunnel(t, p)) {\n \t\t\tif (create)\n \t\t\t\treturn NULL;\n \n@@ -990,9 +997,21 @@ static int vti6_validate(struct nlattr *tb[], struct nlattr *data[],\n \treturn 0;\n }\n \n+static __be16 vti_flags_to_tnl_flags(__u16 i_flags)\n+{\n+\treturn VTI_ISVTI | ((i_flags & VTI_KEYED) ? TUNNEL_KEY : 0);\n+}\n+\n+static __u16 tnl_flags_to_vti_flags(__be16 i_flags)\n+{\n+\treturn (i_flags & TUNNEL_KEY) ? 
VTI_KEYED : 0;\n+}\n+\n static void vti6_netlink_parms(struct nlattr *data[],\n \t\t\t struct __ip6_tnl_parm *parms)\n {\n+\t__u16 flags = 0;\n+\n \tmemset(parms, 0, sizeof(*parms));\n \n \tif (!data)\n@@ -1015,6 +1034,11 @@ static void vti6_netlink_parms(struct nlattr *data[],\n \n \tif (data[IFLA_VTI_FWMARK])\n \t\tparms->fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);\n+\n+\tif (data[IFLA_VTI_FLAGS])\n+\t\tflags = nla_get_u16(data[IFLA_VTI_FLAGS]);\n+\n+\tparms->i_flags = vti_flags_to_tnl_flags(flags);\n }\n \n static int vti6_newlink(struct net *src_net, struct net_device *dev,\n@@ -1084,6 +1108,8 @@ static size_t vti6_get_size(const struct net_device *dev)\n \t\tnla_total_size(4) +\n \t\t/* IFLA_VTI_FWMARK */\n \t\tnla_total_size(4) +\n+\t\t/* IFLA_VTI_FLAGS */\n+\t\tnla_total_size(2) +\n \t\t0;\n }\n \n@@ -1097,7 +1123,9 @@ static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)\n \t nla_put_in6_addr(skb, IFLA_VTI_REMOTE, &parm->raddr) ||\n \t nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||\n \t nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key) ||\n-\t nla_put_u32(skb, IFLA_VTI_FWMARK, parm->fwmark))\n+\t nla_put_u32(skb, IFLA_VTI_FWMARK, parm->fwmark) ||\n+\t nla_put_u16(skb, IFLA_VTI_FLAGS,\n+\t\t\ttnl_flags_to_vti_flags(parm->i_flags)))\n \t\tgoto nla_put_failure;\n \treturn 0;\n \n@@ -1112,6 +1140,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {\n \t[IFLA_VTI_IKEY]\t\t= { .type = NLA_U32 },\n \t[IFLA_VTI_OKEY]\t\t= { .type = NLA_U32 },\n \t[IFLA_VTI_FWMARK]\t= { .type = NLA_U32 },\n+\t[IFLA_VTI_FLAGS]\t= { .type = NLA_U16 },\n };\n \n static struct rtnl_link_ops vti6_link_ops __read_mostly = {\n", "prefixes": [ "ipsec-next", "6/7" ] }
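Review bot: In the `@@ -990` hunk of net/ipv6/ip6_vti.c, vti_flags_to_tnl_flags() names its netlink flag word `__u16 i_flags`, while the identical helper added to net/ipv4/ip_vti.c calls it `__u16 flags`. Elsewhere in this patch i_flags is the `__be16` tunnel-flags field, so the v6 spelling reads as if tunnel flags were being passed in; I would use `static __be16 vti_flags_to_tnl_flags(__u16 flags)` here too. Both helpers are duplicated between the two files, so a single `static inline` pair in a header both files include would keep the VTI_KEYED/TUNNEL_KEY mapping from drifting; which header fits is not visible from this patch. A one-line comment above the pair, such as `/* Map IFLA_VTI_FLAGS (host-order VTI_*) to tunnel i_flags (TUNNEL_*). */`, would also help.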
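Review bot: Unknown bits in IFLA_VTI_FLAGS are silently dropped in the `@@ -1015` hunk: vti6_netlink_parms() reads the u16 and vti_flags_to_tnl_flags() tests only VTI_KEYED, while the policy entry checks only the NLA_U16 type. The same applies to vti_netlink_parms() in net/ipv4/ip_vti.c. A request that sets a bit this kernel does not know therefore succeeds and yields a tunnel without the requested behaviour, and the description notes that non-keyed VTIs always accept packets, so a silent downgrade is worth refusing. Because vti6_netlink_parms() returns void, the check belongs in vti6_validate(), whose signature is visible in the `@@ -990` context: `if (data && data[IFLA_VTI_FLAGS] && (nla_get_u16(data[IFLA_VTI_FLAGS]) & ~VTI_KEYED)) return -EINVAL;`. The IPv4 validate callback is not shown here, so I assume it would take the same check. The bodies of both parse functions start outside their hunks.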