Age | Commit message (Collapse) | Author |
|
ok jsg@
|
|
according to small bits of cisco doco, multicast can be implemented
on mgre using head-end replication. that isnt implemented, but the
flags do allow ipv6 addresses to be added to the interface.
|
|
|
|
this relies on ifconfig tunneladdr
|
|
ok mpi@
|
|
suggested by mpi@
|
|
in practice this means NET_ASSERT_LOCKED() near the lists and trees
holding the different types of gre interfaces.
suggested by mpi@
|
|
mgre is different to gre in that the tunnel only needs configuration
for a local address, and the address inside the tunnel is configured
on it is a subnet. other addresses on that subnet get mapped to a
tunnel endpoint and send there.
at the moment that mechanism is the routing table, using non-gateway
host routes with the tunnel endpoint as the gateway address.
the tunnel address configuration is ugly and confusing atm, but
should improve soon.
ok mpi@ who has some suggestions i can do in the tree.
|
|
|
|
|
|
|
|
|
|
NVGRE is short for Network Virtualization Using Generic Routing
Encapsulation.
it provides an overlay ethernet network with multiple ip peers,
rather than a tunnel to a single peer like egre(4) provides. unlike
egre the vnetid is mandantory and always 24 bits. it offers similar
functionality to vxlan(4).
|
|
|
|
|
|
internet control, so we can too.
|
|
when enabled, the 32bit key on gre a packet is split into a 24bit
key and an 8 bit flow id. this allows better use of multipath links
if the intermediate routers feed the gre key into their hashing
algorithms. because gre can encapsulate pretty much anything, it
can be non-trivial for a router to reach into a payload to harvest
entropy for feeding into a hashing algorithm. having the endpoints
do it and feed it into the gre header is a lot simpler.
this allows interoperationg with cisco gre tunnels with key entropy
enabled. this was tested against a csr1000v.
also, this arrangement coincides with how nvgre works, so it paves
the way for supporting that protocol.
right now the driver relies on the flowid in mbufs to populate the
packet field. this generally means that pf should be enabled to
provide the flowid.
|
|
|
|
makes the code a bit more straightforward
|
|
it's new so there's no existing configs to be compat with.
|
|
this also changes the wccp handling to peek into it's payload to
determine whether it is wccp 1 or 2. wccp1 says the gre header is
followed by ipv4, while wccp2 says there's a small header before
the ipv4 packet. the wccp2 header cannot have 4 in the first nibble,
while ipv4 must have 4 in the first nibble. the code now looks at
the nibble to determine whether it should strip the wccp2 header
or not.
|
|
this lets us look up the gre(4) interface before looking at the
protocols it might be carrying.
|
|
this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.
this rollback is particularly annoying on gre with keepalives.
keepalives rely on the interface rdomain and tunnel rdomain to be
the same, which the rolled back semantics checked. now it is possible
to create an invalid configuration and not get any feedback about
it.
|
|
|
|
|
|
|
|
if the ttl is set to copy, gre will copy the ttl in and out of the
encapsulated packet. it's probably a good idea to set this the same
on both ends of a tunnel.
egre doesn't support tunnelttl copy.
|
|
|
|
there's three main chunks in this: transmit, receive, and factoring out
common gre code.
ethernet over gre unfortunately doesnt pad ethernet frames, so their
payload on rx and their headers on tx will be misaligned. egre copes
with this in the rx path by copying the payload with m_dup_pkt if
it detects misalignment. in the tx path, it unconditionally allocates
a new mbuf for the headers, that can be aligned separately to the
existing payload.
most of the common gre code is in the ioctl paths, so this diff
adds gre_tunnel_ioctl, which is in the spirit of ether_ioctl.
ok claudio@
|
|
|
|
there's a couple of bug fixes in here too. this properly initializes
the ttl on the tunnel, and it clears the ip_off header.
requested by claudio@
|
|
the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.
this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.
ok claudio@
|
|
|
|
memory shortage. As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@
|
|
SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to
drivers.
ok visa@
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
OK mpi@
|
|
ok bluhm@
|
|
rectification.
|
|
only once per packet.
Fix a regression introduced when if_input() started to be called by
every pseudo-driver.
ok claudio@, dlg@
|
|
ok bluhm@
|
|
|
|
Like vlan/svlan and tun/tap, it remains a single driver that decides
on the mode based on the interface name. This removes the need for
removing the default link0 flag to turn gre into Mobile IP mode.
Using linkX / IFF_LINK{0,1,2} for interface modes is a deprecated style.
OK millert@ dlg@ many
Not much consensus on the name but mobileip is also used for the sysctls, so
OK henning@
|
|
GREGADDRD, GRESPROTO, and GREGPROTO. They have been replaced by
generic ioctls some time ago (eg. the "ifconfig gre0 tunnel") and
there is no need to keep the old ones around. They are neither used
in base nor in ports.
OK sthen@
|
|
IF_DROP increments the drop counter on the send queue, it exists
to indicate a drop on the send queue. if there was an error sending
a packet be content incrementing if_oerrors.
ok mpi@ uebayasi@
|
|
bug found and fixed by Joonas Ruohonen, thanks
ok claudio@ phessler@
|
|
L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.
Discussed with bluhm@, ok claudio@
|
|
ok guenther@, henning@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
long live the one true internet.
ok henning mikeb
|