diff options
| author | Mahesh Bandewar | 2016-09-16 21:59:19 +0200 |
|---|---|---|
| committer | David S. Miller | 2016-09-19 07:25:22 +0200 |
| commit | 4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5 (patch) | |
| tree | 3ea819d38ad4fbbae8d4db166f58451c2a78ee20 /include/uapi/linux/if_link.h | |
| parent | net: Add _nf_(un)register_hooks symbols (diff) | |
| download | kernel-qcow2-linux-4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5.tar.gz kernel-qcow2-linux-4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5.tar.xz kernel-qcow2-linux-4fbae7d83c98c30efcf0a2a2ac55fbb75ef5a1a5.zip | |
ipvlan: Introduce l3s mode
In a typical IPvlan L3 setup where master is in default-ns and
each slave is into different (slave) ns. In this setup egress
packet processing for traffic originating from slave-ns will
hit all NF_HOOKs in slave-ns as well as default-ns. However same
is not true for ingress processing. All these NF_HOOKs are
hit only in the slave-ns skipping them in the default-ns.
IPvlan in L3 mode is restrictive and if admins want to deploy
iptables rules in default-ns, this asymmetric data path makes it
impossible to do so.
This patch makes use of the l3_rcv() (added as part of l3mdev
enhancements) to perform input route lookup on RX packets without
changing the skb->dev and then uses nf_hook at NF_INET_LOCAL_IN
to change the skb->dev just before handing over skb to L4.
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
CC: David Ahern <dsa@cumulusnetworks.com>
Reviewed-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux/if_link.h')
| -rw-r--r-- | include/uapi/linux/if_link.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 2351776a724f..7ec9e99d5491 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -464,6 +464,7 @@ enum { enum ipvlan_mode { IPVLAN_MODE_L2 = 0, IPVLAN_MODE_L3, + IPVLAN_MODE_L3S, IPVLAN_MODE_MAX }; |