30 May, 2020
1 commit
-
Steffen Klassert says:
====================
pull request (net-next): ipsec-next 2020-05-291) Add IPv6 encapsulation support for ESP over UDP and TCP.
From Sabrina Dubroca.2) Remove unneeded reference when initializing xfrm interfaces.
From Nicolas Dichtel.3) Remove some indirect calls from the state_afinfo.
From Florian Westphal.Please note that this pull request has two merge conflicts
between commit:
0c922a4850eb ("xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish")
from Linus' tree and commit:
2ab6096db2f1 ("xfrm: remove output_finish indirection from xfrm_state_afinfo")
from the ipsec-next tree.
and between commit:
3986912f6a9a ("ipv6: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl")
from the net-next tree and commit:
0146dca70b87 ("xfrm: add support for UDPv6 encapsulation of ESP")
from the ipsec-next tree.
Both conflicts can be resolved as done in linux-next.
====================Signed-off-by: David S. Miller
09 May, 2020
1 commit
-
The intent is to add an additional bind parameter in the next commit.
Instead of adding another argument, let's convert all existing
flag arguments into an extendable bit field.No functional changes.
Signed-off-by: Stanislav Fomichev
Signed-off-by: Daniel Borkmann
Acked-by: Andrey Ignatov
Acked-by: Martin KaFai Lau
Link: https://lore.kernel.org/bpf/20200508174611.228805-4-sdf@google.com
06 May, 2020
1 commit
-
We cannot call this function from the core kernel unless we would force
CONFIG_IPV6=y.Therefore expose this via ipv6_stubs so we can call it from net/xfrm
in the followup patch.Since the call is expected to be unlikely, no extra code for the IPV6=y
case is added and we will always eat the indirection cost.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert
29 Apr, 2020
1 commit
-
Used in subsequent work to skip route delete
notifications on nexthop deletes.Suggested-by: David Ahern
Signed-off-by: Roopa Prabhu
Reviewed-by: David Ahern
Signed-off-by: David S. Miller
28 Apr, 2020
2 commits
-
This extends espintcp to support IPv6, building on the existing code
and the new UDPv6 encapsulation support. Most of the code is either
reused directly (stream parser, ULP) or very similar to the IPv4
variant (net/ipv6/esp6.c changes).The separation of config options for IPv4 and IPv6 espintcp requires a
bit of Kconfig gymnastics to enable the core code.Signed-off-by: Sabrina Dubroca
Signed-off-by: Steffen Klassert -
This patch adds support for encapsulation of ESP over UDPv6. The code
is very similar to the IPv4 encapsulation implementation, and allows
to easily add espintcp on IPv6 as a follow-up.Signed-off-by: Sabrina Dubroca
Signed-off-by: Steffen Klassert
05 Dec, 2019
1 commit
-
ipv6_stub uses the ip6_dst_lookup function to allow other modules to
perform IPv6 lookups. However, this function skips the XFRM layer
entirely.All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
which calls xfrm_lookup_route(). This patch fixes this inconsistent
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
xfrm_lookup_route().This requires some changes in all the callers, as these two functions
take different arguments and have different return types.Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan")
Reported-by: Xiumei Mu
Signed-off-by: Sabrina Dubroca
Signed-off-by: David S. Miller
23 May, 2019
3 commits
-
Add fib6_rt_update to send RTM_NEWROUTE with NLM_F_REPLACE set. This
helper will be used by the nexthop code to notify userspace of routes
that are impacted when a nexthop config is updated via replace.This notification is needed for legacy apps that do not understand
the new nexthop object. Apps that are nexthop aware can use the
RTA_NH_ID attribute in the route notification to just ignore it.In the future this should be wrapped in a sysctl to allow OS'es that
are fully updated to avoid the notificaton storm.Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Add hook to ipv6 stub to bump the sernum up to the root node for a
route. This is needed by the nexthop code when a nexthop config changes.Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Add ip6_del_rt to the IPv6 stub. The hook is needed by the nexthop
code to remove entries linked to a nexthop that is getting deleted.Signed-off-by: David Ahern
Signed-off-by: David S. Miller
18 Apr, 2019
3 commits
-
Change fib6_lookup and fib6_table_lookup to take a fib6_result and set
f6i and nh rather than returning a fib6_info. For now both always
return 0.A later patch set can make these more like the IPv4 counterparts and
return EINVAL, EACCESS, etc based on fib6_type.Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Change ip6_mtu_from_fib6 and fib6_mtu to take a fib6_result over a
fib6_info. Update both to use the fib6_nh from fib6_result.Since the signature of ip6_mtu_from_fib6 is already changing, add const
to daddr and saddr.Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Add 'struct fib6_result' to hold the fib entry and fib6_nh from a fib
lookup as separate entries, similar to what IPv4 now has with fib_result.Rename fib6_multipath_select to fib6_select_path, pass fib6_result to
it, and set f6i and nh in the result once a path selection is done.
Call fib6_select_path unconditionally for path selection which means
moving the sibling and oif check to fib6_select_path. To handle the two
different call paths (2 only call multipath_select if flowi6_oif == 0 and
the other always calls it), add a new have_oif_match that controls the
sibling walk if relevant.Update callers of fib6_multipath_select accordingly and have them use the
fib6_info and fib6_nh from the result.This is needed for multipath nexthop objects where a single f6i can
point to multiple fib6_nh (similar to IPv4).Signed-off-by: David Ahern
Signed-off-by: David S. Miller
09 Apr, 2019
1 commit
-
Add fib6_nh_init and fib6_nh_release to ipv6_stubs. If fib6_nh_init fails,
callers should not invoke fib6_nh_release, so there is no reason to have
a dummy stub for the IPv6 is not enabled case.Signed-off-by: David Ahern
Reviewed-by: Ido Schimmel
Signed-off-by: David S. Miller
30 Mar, 2019
1 commit
-
The number of stubs is growing and has nothing to do with addrconf.
Move the definition of the stubs to a separate header file and update
users. In the move, drop the vxlan specific comment before ipv6_stub.Code move only; no functional change intended.
Signed-off-by: David Ahern
Signed-off-by: David S. Miller