From 0152070641c58eccf6c6d9981a33f17ada23996f Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Wed, 5 Jun 2019 13:12:49 +0200 Subject: [PATCH] tc: m_tunnel_key: add csum/nocsum option Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1714660 Upstream Status: iproute2.git commit 59eb271d1d259 Conflicts: context change due to out-of-order cherry-pick of commit 9f89b0cc0eda2 ("tc/act_tunnel_key: Enable setup of tos and ttl") commit 59eb271d1d259da21372d222a2d995e57ef648a9 Author: Jiri Benc Date: Wed Jun 14 21:30:18 2017 +0200 tc: m_tunnel_key: add csum/nocsum option Allows control of UDP zero checksum. Signed-off-by: Jiri Benc --- man/man8/tc-tunnel_key.8 | 18 ++++++++++++++++++ tc/m_tunnel_key.c | 21 ++++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/man/man8/tc-tunnel_key.8 b/man/man8/tc-tunnel_key.8 index 5e93c59d49465..0cd792a66d185 100644 --- a/man/man8/tc-tunnel_key.8 +++ b/man/man8/tc-tunnel_key.8 @@ -18,6 +18,7 @@ tunnel_key - Tunnel metadata manipulation .BI dst_port " UDP_PORT" .BI tos " TOS" .BI ttl " TTL" +.RB "[ " csum " | " nocsum " ]" .SH DESCRIPTION The @@ -85,6 +86,23 @@ Outer header TOS .TP .B ttl Outer header TTL +.TP +.RB [ no ] csum +Controlls outer UDP checksum. When set to +.B csum +(which is default), the outer UDP checksum is calculated and included in the +packets. When set to +.BR nocsum , +outer UDP checksum is zero. Note that when using zero UDP checksums with +IPv6, the other tunnel endpoint must be configured to accept such packets. +In Linux, this would be the +.B udp6zerocsumrx +option for the VXLAN tunnel interface. +.IP +If using +.B nocsum +with IPv6, be sure you know what you are doing. Zero UDP checksums provide +weaker protection against corrupted packets. See RFC6935 for details. .RE .SH EXAMPLES The following example encapsulates incoming ICMP packets on eth0 into a vxlan diff --git a/tc/m_tunnel_key.c b/tc/m_tunnel_key.c index cdde64a15b929..992adc51c28ab 100644 --- a/tc/m_tunnel_key.c 
+++ b/tc/m_tunnel_key.c @@ -28,7 +28,8 @@ static void explain(void) "id \n" "src_ip (mandatory)\n" "dst_ip (mandatory)\n" - "dst_port \n"); + "dst_port \n" + "csum | nocsum (default is \"csum\")\n"); } static void usage(void) @@ -107,6 +108,7 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p, int ret; int has_src_ip = 0; int has_dst_ip = 0; + int csum = 1; if (matches(*argv, "tunnel_key") != 0) return -1; @@ -186,6 +188,10 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p, fprintf(stderr, "Illegal \"ttl\"\n"); return -1; } + } else if (matches(*argv, "csum") == 0) { + csum = 1; + } else if (matches(*argv, "nocsum") == 0) { + csum = 0; } else if (matches(*argv, "help") == 0) { usage(); } else { @@ -194,6 +200,8 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p, NEXT_ARG_FWD(); } + addattr8(n, MAX_MSG, TCA_TUNNEL_KEY_NO_CSUM, !csum); + parse_action_control_dflt(&argc, &argv, &parm.action, false, TC_ACT_PIPE); @@ -276,6 +284,15 @@ static void tunnel_key_print_tos_ttl(FILE *f, char *name, } } +static void tunnel_key_print_flag(FILE *f, const char *name_on, + const char *name_off, + struct rtattr *attr) +{ + if (!attr) + return; + fprintf(f, "\n\t%s", rta_getattr_u8(attr) ? name_on : name_off); +} + static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg) { struct rtattr *tb[TCA_TUNNEL_KEY_MAX + 1]; @@ -312,6 +329,8 @@ static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg) tb[TCA_TUNNEL_KEY_ENC_KEY_ID]); tunnel_key_print_dst_port(f, "dst_port", tb[TCA_TUNNEL_KEY_ENC_DST_PORT]); + tunnel_key_print_flag(f, "nocsum", "csum", + tb[TCA_TUNNEL_KEY_NO_CSUM]); tunnel_key_print_tos_ttl(f, "tos", tb[TCA_TUNNEL_KEY_ENC_TOS]); tunnel_key_print_tos_ttl(f, "ttl", -- 2.21.0
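Review bot: The two new `else if` branches in parse_tunnel_key compare with `matches()`, which in iproute2 accepts a leading abbreviation of the keyword, so a shortened token that reaches this point in the chain can select `nocsum` and turn off the outer UDP checksum, which the man page text in this patch describes as weaker protection against corrupted packets. For the branch that weakens the default, an exact comparison is the safer choice: `} else if (strcmp(*argv, "nocsum") == 0) {`. When both `csum` and `nocsum` are given, the last one wins silently; rejecting the second occurrence with an error, in the style of the `Illegal "ttl"` message above, would make a contradictory command line visible. The option loop starts and ends outside this hunk, so which abbreviations are already taken by earlier branches cannot be seen from here.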
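Review bot: The `addattr8()` call added after the option loop drops its return value, so if the message has no room left under MAX_MSG the request would be sent without TCA_TUNNEL_KEY_NO_CSUM and the checksum setting the user asked for would be lost without any error. Checking it keeps the failure visible: `if (addattr8(n, MAX_MSG, TCA_TUNNEL_KEY_NO_CSUM, !csum) < 0) return -1;`. The attribute is also emitted on every invocation, whether or not `csum`/`nocsum` was given and whatever action was parsed; if that is intended, a one-line comment such as `/* always sent; 0 keeps the outer UDP checksum enabled (default) */` would record it. The rest of parse_tunnel_key lies outside the hunk, so how the other attributes are added there is not visible.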
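Review bot: tunnel_key_print_flag is added without a comment, and its only visible caller in print_tunnel_key passes `"nocsum"` as name_on and `"csum"` as name_off, which looks reversed and is correct only because the attribute is TCA_TUNNEL_KEY_NO_CSUM. A comment above the helper would guard against a later swap: `/* Print name_on if the u8 attribute is non-zero, name_off if it is zero; print nothing if the attribute is absent. */`. The helper also reads the byte with `rta_getattr_u8()` without looking at the attribute length; the value comes from the kernel dump, so this is presumably fine, but `if (!attr || RTA_PAYLOAD(attr) < sizeof(__u8)) return;` would keep it safe on a truncated attribute.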