net: Implement Any-IP support for IPv6.

Message ID	1285582022-30787-1-git-send-email-zenczykowski@gmail.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer:mime-version :content-type:content-transfer-encoding; b=xEVsjZFcc4ca3yCblw4WXTCoULUL0EbSRCqwiWQS6Z4cexnYmYEw99pJokTem2q8ie RJyXKvYx1NTv1dm/ki1KMvfiZhb04GZVSt1VP4Gna5E4O5eaFUtD2bHz/kYAa+Qo9oFe HZpQVdZvy+3Mq79j94omRZLpkyxrrZEQCtKdM= From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <zenczykowski@gmail.com> To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org Cc: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com> Subject: [PATCH] net: Implement Any-IP support for IPv6. Date: Mon, 27 Sep 2010 03:07:02 -0700 Message-Id: <1285582022-30787-1-git-send-email-zenczykowski@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1285582022-30787-1-git-send-email-zenczykowski@gmail.com

State

Accepted, archived

Delegated to:

David Miller

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=from:to:cc:subject:date:message-id:x-mailer:mime-version
	:content-type:content-transfer-encoding;
	b=xEVsjZFcc4ca3yCblw4WXTCoULUL0EbSRCqwiWQS6Z4cexnYmYEw99pJokTem2q8ie
	RJyXKvYx1NTv1dm/ki1KMvfiZhb04GZVSt1VP4Gna5E4O5eaFUtD2bHz/kYAa+Qo9oFe
	HZpQVdZvy+3Mq79j94omRZLpkyxrrZEQCtKdM=
From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <zenczykowski@gmail.com>
To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Cc: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Subject: [PATCH] net: Implement Any-IP support for IPv6.
Date: Mon, 27 Sep 2010 03:07:02 -0700
Message-Id: <1285582022-30787-1-git-send-email-zenczykowski@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Maciej Żenczykowski Sept. 27, 2010, 10:07 a.m. UTC

From: Maciej Żenczykowski <maze@google.com>

AnyIP is the capability to receive packets and establish incoming
connections on IPs we have not explicitly configured on the machine.

An example use case is to configure a machine to accept all incoming
traffic on eth0, and leave the policy of whether traffic for a given IP
should be delivered to the machine up to the load balancer.

Can be setup as follows:
  ip -6 rule from all iif eth0 lookup 200
  ip -6 route add local default dev lo table 200
(in this case for all IPv6 addresses)

Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/ipv6/route.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

Comments

David Miller Sept. 28, 2010, 8:59 p.m. UTC | #1

From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Mon, 27 Sep 2010 03:07:02 -0700

> From: Maciej Żenczykowski <maze@google.com>
> 
> AnyIP is the capability to receive packets and establish incoming
> connections on IPs we have not explicitly configured on the machine.
> 
> An example use case is to configure a machine to accept all incoming
> traffic on eth0, and leave the policy of whether traffic for a given IP
> should be delivered to the machine up to the load balancer.
> 
> Can be setup as follows:
>   ip -6 rule from all iif eth0 lookup 200
>   ip -6 route add local default dev lo table 200
> (in this case for all IPv6 addresses)
> 
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Does this already work on the ipv4 side?

If not, why only add it to ipv6?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Maciej Żenczykowski Sept. 28, 2010, 9:04 p.m. UTC | #2

AFAIK, Tom Herbert did post the ipv4 patch some time back.

http://patchwork.ozlabs.org/patch/53381/

I think the ipv6 code path (and hence the patch itself) is much cleaner.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller Sept. 28, 2010, 9:17 p.m. UTC | #3

From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Tue, 28 Sep 2010 14:04:47 -0700

> AFAIK, Tom Herbert did post the ipv4 patch some time back.
> 
> http://patchwork.ozlabs.org/patch/53381/
> 
> I think the ipv6 code path (and hence the patch itself) is much cleaner.

Ok, I've moved that patch back to under-review state, maybe we
can get them both in at the same time.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller Sept. 29, 2010, 8:02 a.m. UTC | #4

From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Mon, 27 Sep 2010 03:07:02 -0700

> From: Maciej Żenczykowski <maze@google.com>
> 
> AnyIP is the capability to receive packets and establish incoming
> connections on IPs we have not explicitly configured on the machine.
> 
> An example use case is to configure a machine to accept all incoming
> traffic on eth0, and leave the policy of whether traffic for a given IP
> should be delivered to the machine up to the load balancer.
> 
> Can be setup as follows:
>   ip -6 rule from all iif eth0 lookup 200
>   ip -6 route add local default dev lo table 200
> (in this case for all IPv6 addresses)
> 
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Ok, I applied this and Tom's ipv4-side patch and pushed it all
out to net-next-2.6

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index d126365..3a74f90 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1169,6 +1169,8 @@  int ip6_route_add(struct fib6_config *cfg)
 
 	if (addr_type & IPV6_ADDR_MULTICAST)
 		rt->dst.input = ip6_mc_input;
+	else if (cfg->fc_flags & RTF_LOCAL)
+		rt->dst.input = ip6_input;
 	else
 		rt->dst.input = ip6_forward;
 
@@ -1190,7 +1192,8 @@  int ip6_route_add(struct fib6_config *cfg)
 	   they would result in kernel looping; promote them to reject routes
 	 */
 	if ((cfg->fc_flags & RTF_REJECT) ||
-	    (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
+	    (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK)
+					      && !(cfg->fc_flags&RTF_LOCAL))) {
 		/* hold loopback dev/idev if we haven't done so. */
 		if (dev != net->loopback_dev) {
 			if (dev) {
@@ -2082,6 +2085,9 @@  static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (rtm->rtm_type == RTN_UNREACHABLE)
 		cfg->fc_flags |= RTF_REJECT;
 
+	if (rtm->rtm_type == RTN_LOCAL)
+		cfg->fc_flags |= RTF_LOCAL;
+
 	cfg->fc_nlinfo.pid = NETLINK_CB(skb).pid;
 	cfg->fc_nlinfo.nlh = nlh;
 	cfg->fc_nlinfo.nl_net = sock_net(skb->sk);
@@ -2202,6 +2208,8 @@  static int rt6_fill_node(struct net *net,
 	NLA_PUT_U32(skb, RTA_TABLE, table);
 	if (rt->rt6i_flags&RTF_REJECT)
 		rtm->rtm_type = RTN_UNREACHABLE;
+	else if (rt->rt6i_flags&RTF_LOCAL)
+		rtm->rtm_type = RTN_LOCAL;
 	else if (rt->rt6i_dev && (rt->rt6i_dev->flags&IFF_LOOPBACK))
 		rtm->rtm_type = RTN_LOCAL;
 	else

net: Implement Any-IP support for IPv6.

Commit Message

Comments

Patch