Commit b621129f authored by Vadim Fedorenko's avatar Vadim Fedorenko Committed by Pablo Neira Ayuso

netfilter: ipvs: full-functionality option for ECN encapsulation in tunnel

IPVS tunnel mode works as simple tunnel (see RFC 3168) copying ECN field
to outer header. That's result in packet drops on egress tunnels in case
the egress tunnel operates as ECN-capable with Full-functionality option
(like ip_tunnel and ip6_tunnel kernel modules), according to RFC 3168
section 9.1.1 recommendation.

This patch implements ECN full-functionality option into ipvs xmit code.

Cc: netdev@vger.kernel.org
Cc: lvs-devel@vger.kernel.org
Signed-off-by: default avatarVadim Fedorenko <vfedorenko@yandex-team.ru>
Reviewed-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b4391db4
...@@ -921,6 +921,7 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, ...@@ -921,6 +921,7 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af,
{ {
struct sk_buff *new_skb = NULL; struct sk_buff *new_skb = NULL;
struct iphdr *old_iph = NULL; struct iphdr *old_iph = NULL;
__u8 old_dsfield;
#ifdef CONFIG_IP_VS_IPV6 #ifdef CONFIG_IP_VS_IPV6
struct ipv6hdr *old_ipv6h = NULL; struct ipv6hdr *old_ipv6h = NULL;
#endif #endif
...@@ -945,7 +946,7 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, ...@@ -945,7 +946,7 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af,
*payload_len = *payload_len =
ntohs(old_ipv6h->payload_len) + ntohs(old_ipv6h->payload_len) +
sizeof(*old_ipv6h); sizeof(*old_ipv6h);
*dsfield = ipv6_get_dsfield(old_ipv6h); old_dsfield = ipv6_get_dsfield(old_ipv6h);
*ttl = old_ipv6h->hop_limit; *ttl = old_ipv6h->hop_limit;
if (df) if (df)
*df = 0; *df = 0;
...@@ -960,12 +961,15 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, ...@@ -960,12 +961,15 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af,
/* fix old IP header checksum */ /* fix old IP header checksum */
ip_send_check(old_iph); ip_send_check(old_iph);
*dsfield = ipv4_get_dsfield(old_iph); old_dsfield = ipv4_get_dsfield(old_iph);
*ttl = old_iph->ttl; *ttl = old_iph->ttl;
if (payload_len) if (payload_len)
*payload_len = ntohs(old_iph->tot_len); *payload_len = ntohs(old_iph->tot_len);
} }
/* Implement full-functionality option for ECN encapsulation */
*dsfield = INET_ECN_encapsulate(old_dsfield, old_dsfield);
return skb; return skb;
error: error:
kfree_skb(skb); kfree_skb(skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment