Wei Yongjun wrote:
>> What about the PMTU problem?
>>
>> I've understand that this solution will not work:
>>
>> You wrote:
>> "This would work for transmit SCTP packet under IPSEC, the
>> problem is that we can not get the correct PMTU for the
>> transport.Under IPv4, both transmit and the PMTU is correct."
>>
>
> Yeah, sorry for that, the PMTU problem maybe because I did the wrong
> thing in the past when I do the same thing. And now when I try to solution
> it, but works :-( . I do not know whether this implementation has other
> problem.
>
> Maybe we should do strict route select in sctp_v6_get_dst(), use the address
> from the asoc or the dev address, do the same thing as IPv4.
Yes. This is what should be done. Folks from windriver at looking at fixing that
because IPv6 sourced based policy routing is currently broken.
-vlad
>
>
>> Regards,
>> Nicolas
>>
>> Wei Yongjun wrote:
>>
>>> IPSec rules are ineffective with IPv6 transmit currently, so
>>> this patch make them effective with IPv6.
>>> Idea from Nicolas Dichtel <nicolas.dichtel@xxxxxxxxxxxxx>
>>>
>>> Signed-off-by: Wei Yongjun <yjwei@xxxxxxxxxxxxxx>
>>> ---
>>> include/net/sctp/structs.h | 3 +++
>>> net/sctp/ipv6.c | 23 +++++++++++++++++++++++
>>> net/sctp/transport.c | 3 +++
>>> 3 files changed, 29 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
>>> index ff30177..5fe4df4 100644
>>> --- a/include/net/sctp/structs.h
>>> +++ b/include/net/sctp/structs.h
>>> @@ -569,6 +569,9 @@ struct sctp_af {
>>> struct dst_entry *(*get_dst) (struct sctp_association *asoc,
>>> union sctp_addr *daddr,
>>> union sctp_addr *saddr);
>>> + struct dst_entry *(*get_xfrm_dst)(struct dst_entry **dst_p,
>>> + union sctp_addr *daddr,
>>> + union sctp_addr *saddr);
>>> void (*get_saddr) (struct sctp_sock *sk,
>>> struct sctp_association *asoc,
>>> struct dst_entry *dst,
>>> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
>>> index 9fb5d37..09a4c9c 100644
>>> --- a/net/sctp/ipv6.c
>>> +++ b/net/sctp/ipv6.c
>>> @@ -271,6 +271,28 @@ static struct dst_entry *sctp_v6_get_dst(struct sctp_association *asoc,
>>> return NULL;
>>> }
>>>
>>> +static struct dst_entry *sctp_v6_get_xfrm_dst(struct dst_entry **dst_p,
>>> + union sctp_addr *daddr,
>>> + union sctp_addr *saddr)
>>> +{
>>> + struct flowi fl;
>>> +
>>> + SCTP_DEBUG_PRINTK("%s: daddr:%pI6 saddr:%pI6",
>>> + __func__, &daddr->v6.sin6_addr, &saddr->v6.sin6_addr);
>>> +
>>> + memset(&fl, 0, sizeof(fl));
>>> + fl.proto = IPPROTO_SCTP;
>>> + fl.fl_ip_dport = daddr->v6.sin6_port;
>>> + fl.fl_ip_sport = saddr->v6.sin6_port;
>>> + ipv6_addr_copy(&fl.fl6_dst, &daddr->v6.sin6_addr);
>>> + ipv6_addr_copy(&fl.fl6_src, &saddr->v6.sin6_addr);
>>> +
>>> + if (xfrm_lookup(&init_net, dst_p, &fl, NULL, 0) < 0)
>>> + return NULL;
>>> + else
>>> + return *dst_p;
>>> +}
>>> +
>>> /* Returns the number of consecutive initial bits that match in the 2 ipv6
>>> * addresses.
>>> */
>>> @@ -962,6 +984,7 @@ static struct sctp_af sctp_af_inet6 = {
>>> .setsockopt = ipv6_setsockopt,
>>> .getsockopt = ipv6_getsockopt,
>>> .get_dst = sctp_v6_get_dst,
>>> + .get_xfrm_dst = sctp_v6_get_xfrm_dst,
>>> .get_saddr = sctp_v6_get_saddr,
>>> .copy_addrlist = sctp_v6_copy_addrlist,
>>> .from_skb = sctp_v6_from_skb,
>>> diff --git a/net/sctp/transport.c b/net/sctp/transport.c
>>> index be4d63d..f89dd4d 100644
>>> --- a/net/sctp/transport.c
>>> +++ b/net/sctp/transport.c
>>> @@ -298,6 +298,9 @@ void sctp_transport_route(struct sctp_transport *transport,
>>> else
>>> af->get_saddr(opt, asoc, dst, daddr, &transport->saddr);
>>>
>>> + if (af->get_xfrm_dst)
>>> + dst = af->get_xfrm_dst(&dst, daddr, &transport->saddr);
>>> +
>>> transport->dst = dst;
>>> if ((transport->param_flags & SPP_PMTUD_DISABLE) && transport->pathmtu) {
>>> return;
>>>
>>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
