|
|
36cfb7 |
From 0152070641c58eccf6c6d9981a33f17ada23996f Mon Sep 17 00:00:00 2001
|
|
|
36cfb7 |
From: Andrea Claudi <aclaudi@redhat.com>
|
|
|
36cfb7 |
Date: Wed, 5 Jun 2019 13:12:49 +0200
|
|
|
36cfb7 |
Subject: [PATCH] tc: m_tunnel_key: add csum/nocsum option
|
|
|
36cfb7 |
|
|
|
36cfb7 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1714660
|
|
|
36cfb7 |
Upstream Status: iproute2.git commit 59eb271d1d259
|
|
|
36cfb7 |
Conflicts: context change due to out-of-order cherry-pick of
|
|
|
36cfb7 |
commit 9f89b0cc0eda2 ("tc/act_tunnel_key: Enable
|
|
|
36cfb7 |
setup of tos and ttl")
|
|
|
36cfb7 |
|
|
|
36cfb7 |
commit 59eb271d1d259da21372d222a2d995e57ef648a9
|
|
|
36cfb7 |
Author: Jiri Benc <jbenc@redhat.com>
|
|
|
36cfb7 |
Date: Wed Jun 14 21:30:18 2017 +0200
|
|
|
36cfb7 |
|
|
|
36cfb7 |
tc: m_tunnel_key: add csum/nocsum option
|
|
|
36cfb7 |
|
|
|
36cfb7 |
Allows control of UDP zero checksum.
|
|
|
36cfb7 |
|
|
|
36cfb7 |
Signed-off-by: Jiri Benc <jbenc@redhat.com>
|
|
|
36cfb7 |
---
|
|
|
36cfb7 |
man/man8/tc-tunnel_key.8 | 18 ++++++++++++++++++
|
|
|
36cfb7 |
tc/m_tunnel_key.c | 21 ++++++++++++++++++++-
|
|
|
36cfb7 |
2 files changed, 38 insertions(+), 1 deletion(-)
|
|
|
36cfb7 |
|
|
|
36cfb7 |
diff --git a/man/man8/tc-tunnel_key.8 b/man/man8/tc-tunnel_key.8
|
|
|
36cfb7 |
index 5e93c59d49465..0cd792a66d185 100644
|
|
|
36cfb7 |
--- a/man/man8/tc-tunnel_key.8
|
|
|
36cfb7 |
+++ b/man/man8/tc-tunnel_key.8
|
|
|
36cfb7 |
@@ -18,6 +18,7 @@ tunnel_key - Tunnel metadata manipulation
|
|
|
36cfb7 |
.BI dst_port " UDP_PORT"
|
|
|
36cfb7 |
.BI tos " TOS"
|
|
|
36cfb7 |
.BI ttl " TTL"
|
|
|
36cfb7 |
+.RB "[ " csum " | " nocsum " ]"
|
|
|
36cfb7 |
|
|
|
36cfb7 |
.SH DESCRIPTION
|
|
|
36cfb7 |
The
|
|
|
36cfb7 |
@@ -85,6 +86,23 @@ Outer header TOS
|
|
|
36cfb7 |
.TP
|
|
|
36cfb7 |
.B ttl
|
|
|
36cfb7 |
Outer header TTL
|
|
|
36cfb7 |
+.TP
|
|
|
36cfb7 |
+.RB [ no ] csum
|
|
|
36cfb7 |
+Controlls outer UDP checksum. When set to
|
|
|
36cfb7 |
+.B csum
|
|
|
36cfb7 |
+(which is default), the outer UDP checksum is calculated and included in the
|
|
|
36cfb7 |
+packets. When set to
|
|
|
36cfb7 |
+.BR nocsum ,
|
|
|
36cfb7 |
+outer UDP checksum is zero. Note that when using zero UDP checksums with
|
|
|
36cfb7 |
+IPv6, the other tunnel endpoint must be configured to accept such packets.
|
|
|
36cfb7 |
+In Linux, this would be the
|
|
|
36cfb7 |
+.B udp6zerocsumrx
|
|
|
36cfb7 |
+option for the VXLAN tunnel interface.
|
|
|
36cfb7 |
+.IP
|
|
|
36cfb7 |
+If using
|
|
|
36cfb7 |
+.B nocsum
|
|
|
36cfb7 |
+with IPv6, be sure you know what you are doing. Zero UDP checksums provide
|
|
|
36cfb7 |
+weaker protection against corrupted packets. See RFC6935 for details.
|
|
|
36cfb7 |
.RE
|
|
|
36cfb7 |
.SH EXAMPLES
|
|
|
36cfb7 |
The following example encapsulates incoming ICMP packets on eth0 into a vxlan
|
|
|
36cfb7 |
diff --git a/tc/m_tunnel_key.c b/tc/m_tunnel_key.c
|
|
|
36cfb7 |
index cdde64a15b929..992adc51c28ab 100644
|
|
|
36cfb7 |
--- a/tc/m_tunnel_key.c
|
|
|
36cfb7 |
+++ b/tc/m_tunnel_key.c
|
|
|
36cfb7 |
@@ -28,7 +28,8 @@ static void explain(void)
|
|
|
36cfb7 |
"id <TUNNELID>\n"
|
|
|
36cfb7 |
"src_ip <IP> (mandatory)\n"
|
|
|
36cfb7 |
"dst_ip <IP> (mandatory)\n"
|
|
|
36cfb7 |
- "dst_port <UDP_PORT>\n");
|
|
|
36cfb7 |
+ "dst_port <UDP_PORT>\n"
|
|
|
36cfb7 |
+ "csum | nocsum (default is \"csum\")\n");
|
|
|
36cfb7 |
}
|
|
|
36cfb7 |
|
|
|
36cfb7 |
static void usage(void)
|
|
|
36cfb7 |
@@ -107,6 +108,7 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
|
|
|
36cfb7 |
int ret;
|
|
|
36cfb7 |
int has_src_ip = 0;
|
|
|
36cfb7 |
int has_dst_ip = 0;
|
|
|
36cfb7 |
+ int csum = 1;
|
|
|
36cfb7 |
|
|
|
36cfb7 |
if (matches(*argv, "tunnel_key") != 0)
|
|
|
36cfb7 |
return -1;
|
|
|
36cfb7 |
@@ -186,6 +188,10 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
|
|
|
36cfb7 |
fprintf(stderr, "Illegal \"ttl\"\n");
|
|
|
36cfb7 |
return -1;
|
|
|
36cfb7 |
}
|
|
|
36cfb7 |
+ } else if (matches(*argv, "csum") == 0) {
|
|
|
36cfb7 |
+ csum = 1;
|
|
|
36cfb7 |
+ } else if (matches(*argv, "nocsum") == 0) {
|
|
|
36cfb7 |
+ csum = 0;
|
|
|
36cfb7 |
} else if (matches(*argv, "help") == 0) {
|
|
|
36cfb7 |
usage();
|
|
|
36cfb7 |
} else {
|
|
|
36cfb7 |
@@ -194,6 +200,8 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
|
|
|
36cfb7 |
NEXT_ARG_FWD();
|
|
|
36cfb7 |
}
|
|
|
36cfb7 |
|
|
|
36cfb7 |
+ addattr8(n, MAX_MSG, TCA_TUNNEL_KEY_NO_CSUM, !csum);
|
|
|
36cfb7 |
+
|
|
|
36cfb7 |
parse_action_control_dflt(&argc, &argv, &parm.action,
|
|
|
36cfb7 |
false, TC_ACT_PIPE);
|
|
|
36cfb7 |
|
|
|
36cfb7 |
@@ -276,6 +284,15 @@ static void tunnel_key_print_tos_ttl(FILE *f, char *name,
|
|
|
36cfb7 |
}
|
|
|
36cfb7 |
}
|
|
|
36cfb7 |
|
|
|
36cfb7 |
+static void tunnel_key_print_flag(FILE *f, const char *name_on,
|
|
|
36cfb7 |
+ const char *name_off,
|
|
|
36cfb7 |
+ struct rtattr *attr)
|
|
|
36cfb7 |
+{
|
|
|
36cfb7 |
+ if (!attr)
|
|
|
36cfb7 |
+ return;
|
|
|
36cfb7 |
+ fprintf(f, "\n\t%s", rta_getattr_u8(attr) ? name_on : name_off);
|
|
|
36cfb7 |
+}
|
|
|
36cfb7 |
+
|
|
|
36cfb7 |
static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg)
|
|
|
36cfb7 |
{
|
|
|
36cfb7 |
struct rtattr *tb[TCA_TUNNEL_KEY_MAX + 1];
|
|
|
36cfb7 |
@@ -312,6 +329,8 @@ static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg)
|
|
|
36cfb7 |
tb[TCA_TUNNEL_KEY_ENC_KEY_ID]);
|
|
|
36cfb7 |
tunnel_key_print_dst_port(f, "dst_port",
|
|
|
36cfb7 |
tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);
|
|
|
36cfb7 |
+ tunnel_key_print_flag(f, "nocsum", "csum",
|
|
|
36cfb7 |
+ tb[TCA_TUNNEL_KEY_NO_CSUM]);
|
|
|
36cfb7 |
tunnel_key_print_tos_ttl(f, "tos",
|
|
|
36cfb7 |
tb[TCA_TUNNEL_KEY_ENC_TOS]);
|
|
|
36cfb7 |
tunnel_key_print_tos_ttl(f, "ttl",
|
|
|
36cfb7 |
--
|
|
|
36cfb7 |
2.20.1
|
|
|
36cfb7 |
|