| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Jul 2012 15:26:57 +0300 From: Timo Teras <timo.teras@....fi> To: Kozlov Dmitry <xeb@...l.ru> Cc: netdev@...r.kernel.org Subject: Re: [net-next,v3] GRE over IPv6 On Mon, 30 Jul 2012 15:52:46 +0400 Kozlov Dmitry <xeb@...l.ru> wrote: > On Monday 30 July 2012 14:38:06 Timo Teras wrote: > > On Sat, 28 Jul 2012 22:12:42 -0000 xeb@...l.ru wrote: > > > GRE over IPv6 implementation. > > > > > > Signed-off-by: Dmitry Kozlov <xeb@...l.ru> > > > > > > --- > > > Changes: > > > Initialize nt->dev before calling ip6gre_tnl_link_config in > > > ip6gre_newlink. > > > Add missing ip6gre.c > > > > > > include/linux/if_arp.h | 1 + > > > include/linux/if_tunnel.h | 3 + > > > include/linux/ip6_tunnel.h | 18 + > > > include/net/ip6_tunnel.h | 40 +- > > > include/net/ipv6.h | 1 + > > > net/ipv6/Kconfig | 16 + > > > net/ipv6/Makefile | 1 + > > > net/ipv6/ip6_gre.c | 1817 > > > > > > ++++++++++++++++++++++++++++++++++++++++++++ > > > net/ipv6/ip6_tunnel.c | 86 ++- 9 files changed, 1958 > > > insertions(+), 25 deletions(-) > > > > Would it be possible and/or feasible to instead modify ip_gre to > > support also ipv6 as outer protocol? > > > > It already has ipv6 stuff in it for the inner protocol support. And > > it would avoid duplicating most of the code. > > > > And I would especially love that approach, since I could then on > > per-target basis say if it should be contacted with IPv4 or IPv6. > > As in: > > > > ip addr add 10.0.0.1/24 dev gre1 > > ip neigh add 10.0.0.2 lladdr 192.168.x.x dev gre1 nud permanent > > ip neigh add 10.0.0.3 lladdr fe80::xxxx:xxxx:xxxx:xxxx/64 dev > > gre1 nud permanent > > Sounds good, but it involves too many if/else because there are much > ipv4 and ipv6 specifics and code will be unreadable. I see only > shared part is tunnel initialization and managing code. Tunnel > lookup, receive and transmit parts are mostly different. Hmm... And thinking more, it looks like various other places need lot of tuning; e.g. tunnel might need multiple local address bindings which is not nice. And now that I checked, seems Cisco also needs separate tunnel interfaces for "over IPv4" and "over IPv6" targets. That's rather inconvenient, but seems to be how things are. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists