ip6_tunnel: Allow policy-based routing through tunnels

This feature allows the administrator to set an fwmark for packets traversing a tunnel. This allows the use of independent routing tables for tunneled packets without the use of iptables. Signed-off-by: Craig Gallek <kraig@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Craig Gallek <kraig@google.com> 2017-04-19 12:30:53 -0400
committer: David S. Miller <davem@davemloft.net> 2017-04-21 13:21:30 -0400
commit: 0a473b82cb23e7a35c4be6e9765c8487a65e8f55 (patch)
tree: 5568a1f040800160b0d9a9722d39f59403273199 /net/ipv6/ip6_gre.c
parent: 8e6c1812e632ae3b54a1a9da759cad762f633e11 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 6fcb7cb49bb2..8d128ba79b66 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -544,6 +544,8 @@ static inline int ip6gre_xmit_ipv4(struct sk_buff *skb, struct net_device *dev)
                                          & IPV6_TCLASS_MASK;
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
                fl6.flowi6_mark = skb->mark;
+        else
+                fl6.flowi6_mark = t->parms.fwmark;
        fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
@@ -603,6 +605,8 @@ static inline int ip6gre_xmit_ipv6(struct sk_buff *skb, struct net_device *dev)
                fl6.flowlabel |= ip6_flowlabel(ipv6h);
        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
                fl6.flowi6_mark = skb->mark;
+        else
+                fl6.flowi6_mark = t->parms.fwmark;
        fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
@@ -780,6 +784,7 @@ static int ip6gre_tnl_change(struct ip6_tnl *t,
        t->parms.o_key = p->o_key;
        t->parms.i_flags = p->i_flags;
        t->parms.o_flags = p->o_flags;
+        t->parms.fwmark = p->fwmark;
        dst_cache_reset(&t->dst_cache);
        ip6gre_tnl_link_config(t, set_mtu);
        return 0;
@@ -1249,6 +1254,9 @@ static void ip6gre_netlink_parms(struct nlattr *data[],
        if (data[IFLA_GRE_FLAGS])
                parms->flags = nla_get_u32(data[IFLA_GRE_FLAGS]);
+        if (data[IFLA_GRE_FWMARK])
+                parms->fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
 }
 static int ip6gre_tap_init(struct net_device *dev)
@@ -1470,6 +1478,8 @@ static size_t ip6gre_get_size(const struct net_device *dev)
                nla_total_size(2) +
                /* IFLA_GRE_ENCAP_DPORT */
                nla_total_size(2) +
+                /* IFLA_GRE_FWMARK */
+                nla_total_size(4) +
                0;
 }
@@ -1490,7 +1500,8 @@ static int ip6gre_fill_info(struct sk_buff *skb, const struct net_device *dev)
            nla_put_u8(skb, IFLA_GRE_TTL, p->hop_limit) ||
            nla_put_u8(skb, IFLA_GRE_ENCAP_LIMIT, p->encap_limit) ||
            nla_put_be32(skb, IFLA_GRE_FLOWINFO, p->flowinfo) ||
-            nla_put_u32(skb, IFLA_GRE_FLAGS, p->flags))
+            nla_put_u32(skb, IFLA_GRE_FLAGS, p->flags) ||
+            nla_put_u32(skb, IFLA_GRE_FWMARK, p->fwmark))
                goto nla_put_failure;
        if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
@@ -1525,6 +1536,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
        [IFLA_GRE_ENCAP_FLAGS]  = { .type = NLA_U16 },
        [IFLA_GRE_ENCAP_SPORT]  = { .type = NLA_U16 },
        [IFLA_GRE_ENCAP_DPORT]  = { .type = NLA_U16 },
+        [IFLA_GRE_FWMARK]       = { .type = NLA_U32 },
 };
 static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
author	Craig Gallek <kraig@google.com>	2017-04-19 12:30:53 -0400
committer	David S. Miller <davem@davemloft.net>	2017-04-21 13:21:30 -0400
commit	0a473b82cb23e7a35c4be6e9765c8487a65e8f55 (patch)
tree	5568a1f040800160b0d9a9722d39f59403273199 /net/ipv6/ip6_gre.c
parent	8e6c1812e632ae3b54a1a9da759cad762f633e11 (diff)