[PATCH] Implement full-functionality option for ECN encapsulation in tun

To:	Wensong Zhang <wensong@xxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, Julian Anastasov <ja@xxxxxx>, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject:	[PATCH] Implement full-functionality option for ECN encapsulation in tunnel
Cc:	Vadim Fedorenko <vfedorenko@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx
From:	Vadim Fedorenko <vfedorenko@xxxxxxxxxxxxxx>
Date:	Wed, 15 Feb 2017 16:33:56 +0300

IPVS tunnel mode works as simple tunnel (see RFC 3168) copying ECN field
to outer header. That's result in packet drops on egress tunnels in case
the egress tunnel operates as ECN-capable with Full-functionality option
(like ip_tunnel and ip6_tunnel kernel modules), according to RFC 3168
section 9.1.1 recommendation.

This patch implements ECN full-functionality option into ipvs xmit code.

Cc: netdev@xxxxxxxxxxxxxxx
Cc: lvs-devel@xxxxxxxxxxxxxxx
Signed-off-by: Vadim Fedorenko <vfedorenko@xxxxxxxxxxxxxx>
Reviewed-by: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
---
 net/netfilter/ipvs/ip_vs_xmit.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 01d3d89..b3286f3 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -879,6 +879,7 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff 
*skb,
 {
        struct sk_buff *new_skb = NULL;
        struct iphdr *old_iph = NULL;
+       __u8 old_dsfield;
 #ifdef CONFIG_IP_VS_IPV6
        struct ipv6hdr *old_ipv6h = NULL;
 #endif
@@ -903,7 +904,7 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff 
*skb,
                        *payload_len =
                                ntohs(old_ipv6h->payload_len) +
                                sizeof(*old_ipv6h);
-               *dsfield = ipv6_get_dsfield(old_ipv6h);
+               old_dsfield = ipv6_get_dsfield(old_ipv6h);
                *ttl = old_ipv6h->hop_limit;
                if (df)
                        *df = 0;
@@ -918,12 +919,15 @@ static inline int ip_vs_send_or_cont(int pf, struct 
sk_buff *skb,
 
                /* fix old IP header checksum */
                ip_send_check(old_iph);
-               *dsfield = ipv4_get_dsfield(old_iph);
+               old_dsfield = ipv4_get_dsfield(old_iph);
                *ttl = old_iph->ttl;
                if (payload_len)
                        *payload_len = ntohs(old_iph->tot_len);
        }
 
+       /* Implement full-functionality option for ECN encapsulation */
+       *dsfield = INET_ECN_encapsulate(old_dsfield, old_dsfield);
+
        return skb;
 error:
        kfree_skb(skb);
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Implement full-functionality option for ECN encapsulation in tunnel, Vadim Fedorenko <= Re: [PATCH] Implement full-functionality option for ECN encapsulation in tunnel, Julian Anastasov

Next by Date:	Re: [PATCH] Implement full-functionality option for ECN encapsulation in tunnel, Julian Anastasov
Next by Thread:	Re: [PATCH] Implement full-functionality option for ECN encapsulation in tunnel, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]