[iproute2] fix ip tunnel for vti tunnels with ikey

Message ID 20140607003349.d8b0fd526cb6403437c88c33@qrator.net
State Accepted, archived
Delegated to: stephen hemminger

Commit Message

Dmitry Popov June 6, 2014, 8:33 p.m. UTC
Consider the following command:

ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15

i_flags will be GRE_KEY|VTI_ISVTI. So, in order to distinguish between ipip and
vti we have to check just VTI_ISVTI bit, not the equality of i_flags and 
VTI_ISVTI.

Signed-off-by: Dmitry Popov <ixaphire@qrator.net>
---
 ip/iptunnel.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Dmitry Popov June 16, 2014, 5:43 p.m. UTC | #1
On Sat, 7 Jun 2014 00:33:49 +0400
Dmitry Popov <ixaphire@qrator.net> wrote:

> Consider the following command:
> 
> ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15
> 
> ...

I re-read the commit message and found that the issue described may not be that
obvious. So I decided to show the commands to reproduce the bug:

* Note that there was also a bug in ip_tunnel/ip_vti, see
commit 7c8e6b9c281 (ip_vti: Fix 'ip tunnel add' with 'key' parameters),
https://lkml.org/lkml/2014/6/7/125.
Even patched iproute could be unable to create vti tunnels with non-zero keys.

1) Unpatched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0 
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip
[root@vm ~]# ip tunnel show
tunl0: ip/ip  remote any  local any  ttl inherit
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
ipip0: ip/ip  remote 1.2.3.4  local any  ttl inherit 
tunl0: ip/ip  remote any  local any  ttl inherit 
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0 
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip

# ipip tunnels are created instead of vti

2) Patched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ip_vti                  5258  0 
ip_tunnel               9295  1 ip_vti
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0 
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0
vti1: ip/ip  remote 1.2.3.4  local any  ttl inherit  ikey 2  okey 0 
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0

# Vti tunnels are created as expected
# * If you have unpatched kernel your vti tunnels will have ikey == okey == 0

Same story exists with ip tunnel show/del with non-zero [io]key: requests are 
routed to tunl0 instead of ip_vti0.

Patch

diff --git a/ip/iptunnel.c b/ip/iptunnel.c
index 9ae8847..4d0fc21 100644
--- a/ip/iptunnel.c
+++ b/ip/iptunnel.c
@@ -287,10 +287,10 @@  static int do_add(int cmd, int argc, char **argv)
 
 	switch (p.iph.protocol) {
 	case IPPROTO_IPIP:
-		if (p.i_flags != VTI_ISVTI)
-			return tnl_add_ioctl(cmd, "tunl0", p.name, &p);
-		else
+		if (p.i_flags & VTI_ISVTI)
 			return tnl_add_ioctl(cmd, "ip_vti0", p.name, &p);
+		else
+			return tnl_add_ioctl(cmd, "tunl0", p.name, &p);
 	case IPPROTO_GRE:
 		return tnl_add_ioctl(cmd, "gre0", p.name, &p);
 	case IPPROTO_IPV6:
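Review bot: the new condition `if (p.i_flags & VTI_ISVTI)` in the IPPROTO_IPIP case of do_add carries no comment explaining why a bit test is required, and the old `!=` comparison looked reasonable precisely because that is not obvious from the code. The commit message gives the reason (with `ikey 15`, i_flags is GRE_KEY|VTI_ISVTI); a one-line comment above the `if` saying that i_flags may also carry key flags would keep a later cleanup from turning this back into an equality test.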
@@ -311,10 +311,10 @@  static int do_del(int argc, char **argv)
 
 	switch (p.iph.protocol) {
 	case IPPROTO_IPIP:
-		if (p.i_flags != VTI_ISVTI)
-			return tnl_del_ioctl("tunl0", p.name, &p);
-		else
+		if (p.i_flags & VTI_ISVTI)
 			return tnl_del_ioctl("ip_vti0", p.name, &p);
+		else
+			return tnl_del_ioctl("tunl0", p.name, &p);
 	case IPPROTO_GRE:
 		return tnl_del_ioctl("gre0", p.name, &p);
 	case IPPROTO_IPV6:
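Review bot: the IPPROTO_IPIP case of do_del repeats the same `p.i_flags & VTI_ISVTI` choice between "ip_vti0" and "tunl0" that do_add and do_show make, which is why one wrong comparison had to be corrected in three places. Consider a small static helper in ip/iptunnel.c that returns the base device name for a parameter block, so the three call sites cannot drift apart again.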
@@ -503,10 +503,10 @@  static int do_show(int argc, char **argv)
 
 	switch (p.iph.protocol) {
 	case IPPROTO_IPIP:
-		if (p.i_flags != VTI_ISVTI)
-			err = tnl_get_ioctl(p.name[0] ? p.name : "tunl0", &p);
-		else
+		if (p.i_flags & VTI_ISVTI)
 			err = tnl_get_ioctl(p.name[0] ? p.name : "ip_vti0", &p);
+		else
+			err = tnl_get_ioctl(p.name[0] ? p.name : "tunl0", &p);
 		break;
 	case IPPROTO_GRE:
 		err = tnl_get_ioctl(p.name[0] ? p.name : "gre0", &p);
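Review bot: in the IPPROTO_IPIP case of do_show the flag test only matters when p.name is empty, since both branches pass p.name otherwise, so the if/else duplicates the whole tnl_get_ioctl call for the sake of one string. Selecting the fallback first, for example `const char *base = (p.i_flags & VTI_ISVTI) ? "ip_vti0" : "tunl0";` (the name `base` is only a suggestion), and then making a single call `err = tnl_get_ioctl(p.name[0] ? p.name : base, &p);` is shorter and keeps the flag test in one expression.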