git.cascardo.info Git - cascardo/linux.git/commit

author	Mahesh Bandewar <maheshb@google.com>
	Fri, 16 Sep 2016 19:59:19 +0000 (12:59 -0700)
committer	David S. Miller <davem@davemloft.net>
	Mon, 19 Sep 2016 05:25:22 +0000 (01:25 -0400)
commit	4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5
tree	3ea819d38ad4fbbae8d4db166f58451c2a78ee20	tree \| snapshot
parent	e8bffe0cf964f0330595bb376b74921cccdaac88	commit \| diff

ipvlan: Introduce l3s mode

In a typical IPvlan L3 setup where master is in default-ns and
each slave is into different (slave) ns. In this setup egress
packet processing for traffic originating from slave-ns will
hit all NF_HOOKs in slave-ns as well as default-ns. However same
is not true for ingress processing. All these NF_HOOKs are
hit only in the slave-ns skipping them in the default-ns.
IPvlan in L3 mode is restrictive and if admins want to deploy
iptables rules in default-ns, this asymmetric data path makes it
impossible to do so.

This patch makes use of the l3_rcv() (added as part of l3mdev
enhancements) to perform input route lookup on RX packets without
changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
to change the skb->dev just before handing over skb to L4.

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
CC: David Ahern <dsa@cumulusnetworks.com>
Reviewed-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/networking/ipvlan.txt		diff \| blob \| history
drivers/net/Kconfig		diff \| blob \| history
drivers/net/ipvlan/ipvlan.h		diff \| blob \| history
drivers/net/ipvlan/ipvlan_core.c		diff \| blob \| history
drivers/net/ipvlan/ipvlan_main.c		diff \| blob \| history
include/uapi/linux/if_link.h		diff \| blob \| history