author | Mahesh Bandewar <maheshb@google.com> | 2016-09-16 22:59:19 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-09-19 08:25:22 +0300 |
commit | 4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5 (patch) | |
tree | 3ea819d38ad4fbbae8d4db166f58451c2a78ee20 /drivers/net/ipvlan/ipvlan.h | |
parent | e8bffe0cf964f0330595bb376b74921cccdaac88 (diff) | |
download | linux-4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5.tar.xz |
ipvlan: Introduce l3s mode

In a typical IPvlan L3 setup, the master is in default-ns and
each slave is in a different (slave) ns. In this setup, egress
packet processing for traffic originating from slave-ns will
hit all NF_HOOKs in slave-ns as well as default-ns. However, the same
is not true for ingress processing. All these NF_HOOKs are
hit only in the slave-ns, skipping them in the default-ns.
IPvlan in L3 mode is restrictive and if admins want to deploy
iptables rules in default-ns, this asymmetric data path makes it
impossible to do so.

This patch makes use of the l3_rcv() (added as part of l3mdev
enhancements) to perform input route lookup on RX packets without
changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
to change the skb->dev just before handing over skb to L4.

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
CC: David Ahern <dsa@cumulusnetworks.com>
Reviewed-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ipvlan/ipvlan.h')
-rw-r--r-- | drivers/net/ipvlan/ipvlan.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h index 695a5dc9ace3..7e0732f5ea07 100644 --- a/drivers/net/ipvlan/ipvlan.h +++ b/drivers/net/ipvlan/ipvlan.h @@ -23,11 +23,13 @@ #include <linux/if_vlan.h> #include <linux/ip.h> #include <linux/inetdevice.h> +#include <linux/netfilter.h> #include <net/ip.h> #include <net/ip6_route.h> #include <net/rtnetlink.h> #include <net/route.h> #include <net/addrconf.h> +#include <net/l3mdev.h> #define IPVLAN_DRV "ipvlan" #define IPV_DRV_VER "0.1" @@ -124,4 +126,8 @@ struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan, const void *iaddr, bool is_v6); bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6); void ipvlan_ht_addr_del(struct ipvl_addr *addr); +struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb, + u16 proto); +unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb, + const struct nf_hook_state *state); #endif /* __IPVLAN_H */ |
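Review bot: In the first hunk, the new includes of <linux/netfilter.h> and <net/l3mdev.h> make every user of ipvlan.h depend on the netfilter and l3mdev headers, and the prototypes added further down name struct nf_hook_state. This view is limited to ipvlan.h, so please confirm that the driver's Kconfig entry expresses the matching dependencies, or that the new declarations are guarded, so that a configuration without netfilter or l3mdev support still builds.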
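Review bot: In the second hunk, the u16 proto parameter of ipvlan_l3_rcv() does not say what it carries, and neither new prototype is documented. A short comment should state whether proto is an address family or an ethertype (with __be16 if it is a network-order value), what the returned sk_buff pointer means to the caller, including whether NULL is possible and who owns the skb in that case, and that ipvlan_nf_input() returns a netfilter verdict. Because the commit message says the hook rewrites skb->dev at NF_INET_LOCAL_IN, the comment should also record where that rewrite happens relative to other hooks on the same chain, since default-ns rules that match on the input device depend on it.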