| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Apr 2013 19:16:34 +0900
From: Atzm Watanabe <atzm@...atosphere.co.jp>
To: netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
Stephen Hemminger <stephen@...workplumber.org>,
Cong Wang <xiyou.wangcong@...il.com>
Subject: [PATCH v2] vxlan: Allow setting destination to unicast address.
This patch allows setting VXLAN destination to unicast address.
It allows that VXLAN can be used as peer-to-peer tunnel without
multicast.
v2: use a new attribute REMOTE instead of GROUP based by
Cong Wang's comments.
Signed-off-by: Atzm Watanabe <atzm@...atosphere.co.jp>
---
drivers/net/vxlan.c | 45 ++++++++++++++++++++++++++++++++++----------
include/uapi/linux/if_link.h | 1 +
2 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 9a64715..ae589a3 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -106,7 +106,7 @@ struct vxlan_dev {
struct hlist_node hlist;
struct net_device *dev;
__u32 vni; /* virtual network id */
- __be32 gaddr; /* multicast group */
+ __be32 daddr; /* destination address */
__be32 saddr; /* source address */
unsigned int link; /* link to multicast over */
__u16 port_min; /* source port range */
@@ -591,7 +591,7 @@ static bool vxlan_group_used(struct vxlan_net *vn,
if (!netif_running(vxlan->dev))
continue;
- if (vxlan->gaddr == this->gaddr)
+ if (vxlan->daddr == this->daddr)
return true;
}
@@ -605,7 +605,7 @@ static int vxlan_join_group(struct net_device *dev)
struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
struct sock *sk = vn->sock->sk;
struct ip_mreqn mreq = {
- .imr_multiaddr.s_addr = vxlan->gaddr,
+ .imr_multiaddr.s_addr = vxlan->daddr,
.imr_ifindex = vxlan->link,
};
int err;
@@ -633,7 +633,7 @@ static int vxlan_leave_group(struct net_device *dev)
int err = 0;
struct sock *sk = vn->sock->sk;
struct ip_mreqn mreq = {
- .imr_multiaddr.s_addr = vxlan->gaddr,
+ .imr_multiaddr.s_addr = vxlan->daddr,
.imr_ifindex = vxlan->link,
};
@@ -1106,7 +1106,7 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
did_rsc = false;
group.remote_port = vxlan_port;
group.remote_vni = vxlan->vni;
- group.remote_ip = vxlan->gaddr;
+ group.remote_ip = vxlan->daddr;
group.remote_ifindex = vxlan->link;
group.remote_next = 0;
rdst0 = &group;
@@ -1189,7 +1189,7 @@ static int vxlan_open(struct net_device *dev)
struct vxlan_dev *vxlan = netdev_priv(dev);
int err;
- if (vxlan->gaddr) {
+ if (IN_MULTICAST(ntohl(vxlan->daddr))) {
err = vxlan_join_group(dev);
if (err)
return err;
@@ -1223,7 +1223,7 @@ static int vxlan_stop(struct net_device *dev)
{
struct vxlan_dev *vxlan = netdev_priv(dev);
- if (vxlan->gaddr)
+ if (IN_MULTICAST(ntohl(vxlan->daddr)))
vxlan_leave_group(dev);
del_timer_sync(&vxlan->age_timer);
@@ -1312,6 +1312,7 @@ static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = {
[IFLA_VXLAN_GROUP] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
[IFLA_VXLAN_LINK] = { .type = NLA_U32 },
[IFLA_VXLAN_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
+ [IFLA_VXLAN_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
[IFLA_VXLAN_TOS] = { .type = NLA_U8 },
[IFLA_VXLAN_TTL] = { .type = NLA_U8 },
[IFLA_VXLAN_LEARNING] = { .type = NLA_U8 },
@@ -1347,6 +1348,9 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
return -ERANGE;
}
+ if (data[IFLA_VXLAN_GROUP] && data[IFLA_VXLAN_REMOTE])
+ return -EINVAL;
+
if (data[IFLA_VXLAN_GROUP]) {
__be32 gaddr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
if (!IN_MULTICAST(ntohl(gaddr))) {
@@ -1355,6 +1359,14 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
}
}
+ if (data[IFLA_VXLAN_REMOTE]) {
+ __be32 daddr = nla_get_be32(data[IFLA_VXLAN_REMOTE]);
+ if (IN_MULTICAST(ntohl(daddr))) {
+ pr_debug("remote address is not IPv4 unicast\n");
+ return -EADDRNOTAVAIL;
+ }
+ }
+
if (data[IFLA_VXLAN_PORT_RANGE]) {
const struct ifla_vxlan_port_range *p
= nla_data(data[IFLA_VXLAN_PORT_RANGE]);
@@ -1399,7 +1411,10 @@ static int vxlan_newlink(struct net *net, struct net_device *dev,
vxlan->vni = vni;
if (data[IFLA_VXLAN_GROUP])
- vxlan->gaddr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
+ vxlan->daddr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
+
+ if (data[IFLA_VXLAN_REMOTE])
+ vxlan->daddr = nla_get_be32(data[IFLA_VXLAN_REMOTE]);
if (data[IFLA_VXLAN_LOCAL])
vxlan->saddr = nla_get_be32(data[IFLA_VXLAN_LOCAL]);
@@ -1483,6 +1498,7 @@ static size_t vxlan_get_size(const struct net_device *dev)
nla_total_size(sizeof(__be32)) +/* IFLA_VXLAN_GROUP */
nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LINK */
nla_total_size(sizeof(__be32))+ /* IFLA_VXLAN_LOCAL */
+ nla_total_size(sizeof(__be32))+ /* IFLA_VXLAN_REMOTE */
nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_TTL */
nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_TOS */
nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_LEARNING */
@@ -1507,8 +1523,17 @@ static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
if (nla_put_u32(skb, IFLA_VXLAN_ID, vxlan->vni))
goto nla_put_failure;
- if (vxlan->gaddr && nla_put_be32(skb, IFLA_VXLAN_GROUP, vxlan->gaddr))
- goto nla_put_failure;
+ if (vxlan->daddr) {
+ int err;
+
+ if (IN_MULTICAST(ntohl(vxlan->daddr)))
+ err = nla_put_be32(skb, IFLA_VXLAN_GROUP, vxlan->daddr);
+ else
+ err = nla_put_be32(skb, IFLA_VXLAN_REMOTE, vxlan->daddr);
+
+ if (err)
+ goto nla_put_failure;
+ }
if (vxlan->link && nla_put_u32(skb, IFLA_VXLAN_LINK, vxlan->link))
goto nla_put_failure;
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 6b35c42..3b9dab9b 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -299,6 +299,7 @@ enum {
IFLA_VXLAN_GROUP,
IFLA_VXLAN_LINK,
IFLA_VXLAN_LOCAL,
+ IFLA_VXLAN_REMOTE,
IFLA_VXLAN_TTL,
IFLA_VXLAN_TOS,
IFLA_VXLAN_LEARNING,
--
1.8.1.5
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists