On Mon, Apr 6, 2015 at 10:17 AM, David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: David Miller <davem@xxxxxxxxxxxxx>
> Date: Mon, 06 Apr 2015 12:41:14 -0400 (EDT)
>
>> Tom if you are saying that skb->sk should be reset to the tunnel
>> socket, that doesn't work and is completely broken.
>
> Thinking some more, I think what you are missing is that deeper in the
> ipv4/ipv6 transmit call chain we do things like sk_mc_loop() etc. on
> the socket and we cannot just do it on skb->sk.
>
> To make that work correctly we must pass the tunnel socket down
> through the ipv4/ipv6 packet output paths, via netfilter hooks
> if necessary.
>
> I am also really disappointed with the call signature of the udp
> tunnel send paths. You have to be honest with yourself and agree
> that something with 11 arguments is not a well designed interface.
>
> Now that hopefully you can see that the socket is actually required,
> can possibly use that to trim the function signature down for
> udp_tunnel{,6}_xmit_skb()?
>
To be honest, requiring an additional socket to transmit UDP
encapsulation seems really convoluted to me, especially considering
that this is just trying trying to solve AF_PACKET in nf which seems
like a narrow use case. Is there no way to test for AF_PACKET sockets
and take action at a lower function? Does every type encapsulation
need its own UDP socket, or can you just have one which set from the
udp_tunnel when family of skb->sk is AF_PACKET?
Thanks,
Tom
> Worst case, make a "struct udp_tunnel_state" just like I made a "struct
> nf_hook_state" for the netfilter hooks.
>
> Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
