diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2010-11-03 00:41:38 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-11-15 13:44:04 -0500 |
| commit | cc9ff19da9bf76a2f70bcb80225a1c587c162e52 (patch) | |
| tree | 181efcd617a42a48fa94c51cfe9dc0e77b3b5775 /net/ipv4 | |
| parent | e1f2d8c2cc61d2b9472efe44e8a2b098336914b4 (diff) | |
xfrm: use gre key as flow upper protocol info
The GRE Key field is intended to be used for identifying an individual
traffic flow within a tunnel. It is useful to be able to have XFRM
policy selector matches to have different policies for different
GRE tunnels.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/ip_gre.c | 12 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_policy.c | 15 |
2 files changed, 22 insertions, 5 deletions
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index cab2057d5430..aace653710f6 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c | |||
| @@ -779,9 +779,9 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev | |||
| 779 | .tos = RT_TOS(tos) | 779 | .tos = RT_TOS(tos) |
| 780 | } | 780 | } |
| 781 | }, | 781 | }, |
| 782 | .proto = IPPROTO_GRE | 782 | .proto = IPPROTO_GRE, |
| 783 | } | 783 | .fl_gre_key = tunnel->parms.o_key |
| 784 | ; | 784 | }; |
| 785 | if (ip_route_output_key(dev_net(dev), &rt, &fl)) { | 785 | if (ip_route_output_key(dev_net(dev), &rt, &fl)) { |
| 786 | dev->stats.tx_carrier_errors++; | 786 | dev->stats.tx_carrier_errors++; |
| 787 | goto tx_error; | 787 | goto tx_error; |
| @@ -958,7 +958,8 @@ static int ipgre_tunnel_bind_dev(struct net_device *dev) | |||
| 958 | .tos = RT_TOS(iph->tos) | 958 | .tos = RT_TOS(iph->tos) |
| 959 | } | 959 | } |
| 960 | }, | 960 | }, |
| 961 | .proto = IPPROTO_GRE | 961 | .proto = IPPROTO_GRE, |
| 962 | .fl_gre_key = tunnel->parms.o_key | ||
| 962 | }; | 963 | }; |
| 963 | struct rtable *rt; | 964 | struct rtable *rt; |
| 964 | 965 | ||
| @@ -1223,7 +1224,8 @@ static int ipgre_open(struct net_device *dev) | |||
| 1223 | .tos = RT_TOS(t->parms.iph.tos) | 1224 | .tos = RT_TOS(t->parms.iph.tos) |
| 1224 | } | 1225 | } |
| 1225 | }, | 1226 | }, |
| 1226 | .proto = IPPROTO_GRE | 1227 | .proto = IPPROTO_GRE, |
| 1228 | .fl_gre_key = t->parms.o_key | ||
| 1227 | }; | 1229 | }; |
| 1228 | struct rtable *rt; | 1230 | struct rtable *rt; |
| 1229 | 1231 | ||
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index dd1fd8c473fc..4a8c5335770c 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -11,6 +11,7 @@ | |||
| 11 | #include <linux/err.h> | 11 | #include <linux/err.h> |
| 12 | #include <linux/kernel.h> | 12 | #include <linux/kernel.h> |
| 13 | #include <linux/inetdevice.h> | 13 | #include <linux/inetdevice.h> |
| 14 | #include <linux/if_tunnel.h> | ||
| 14 | #include <net/dst.h> | 15 | #include <net/dst.h> |
| 15 | #include <net/xfrm.h> | 16 | #include <net/xfrm.h> |
| 16 | #include <net/ip.h> | 17 | #include <net/ip.h> |
| @@ -154,6 +155,20 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse) | |||
| 154 | fl->fl_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); | 155 | fl->fl_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); |
| 155 | } | 156 | } |
| 156 | break; | 157 | break; |
| 158 | |||
| 159 | case IPPROTO_GRE: | ||
| 160 | if (pskb_may_pull(skb, xprth + 12 - skb->data)) { | ||
| 161 | __be16 *greflags = (__be16 *)xprth; | ||
| 162 | __be32 *gre_hdr = (__be32 *)xprth; | ||
| 163 | |||
| 164 | if (greflags[0] & GRE_KEY) { | ||
| 165 | if (greflags[0] & GRE_CSUM) | ||
| 166 | gre_hdr++; | ||
| 167 | fl->fl_gre_key = gre_hdr[1]; | ||
| 168 | } | ||
| 169 | } | ||
| 170 | break; | ||
| 171 | |||
| 157 | default: | 172 | default: |
| 158 | fl->fl_ipsec_spi = 0; | 173 | fl->fl_ipsec_spi = 0; |
| 159 | break; | 174 | break; |