From a9a4b30c0091b507dfe0f7c59c80355693836f04 Mon Sep 17 00:00:00 2001 From: Jesse Gross Date: Thu, 18 Feb 2010 11:42:36 -0500 Subject: [PATCH 1/1] gre: Always set TTL on outer packet to 64. Currently the TTL is copied from the inner packet of the tunnel to the outer packet if the inner packet is IP. This is good if your GRE packets might make it into the input of your device but bad if you want to be fully transparent. This also resolves an inconsistency between tunnels set up using the ioctl and using Netlink. The ioctl version would force PMTUD on if a fixed TTL is set as a backup way to prevent loops but it never made it over to the newer Netlink code so obviously no one cares too much about it. This removes it to provide consistency and transparency. Basically, don't create loops and you will be happy. --- datapath/linux-2.6/compat-2.6/ip_gre.c | 9 +++++---- lib/netdev-linux.c | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/datapath/linux-2.6/compat-2.6/ip_gre.c b/datapath/linux-2.6/compat-2.6/ip_gre.c index da43f4535..2f46e05ae 100644 --- a/datapath/linux-2.6/compat-2.6/ip_gre.c +++ b/datapath/linux-2.6/compat-2.6/ip_gre.c @@ -124,7 +124,11 @@ fatal route to network, even if it were you who configured fatal static route: you are innocent. :-) - + XXX: Forcing the DF flag on was done only when setting up tunnels via the + ioctl interface and not Netlink. Since it prevents some operations + and isn't very transparent I removed it. It seems nobody really + cared about it anyways. + Moral: don't create loops. 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain practically identical code. It would be good to glue them @@ -1101,9 +1105,6 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) add_tunnel = (cmd == SIOCADDTUNNEL || cmd == SIOCADDGRETAP); gretap = (cmd == SIOCADDGRETAP || cmd == SIOCCHGGRETAP); - if (p.iph.ttl) - p.iph.frag_off |= htons(IP_DF); - if (!(p.i_flags&GRE_KEY)) p.i_key = 0; if (!(p.o_flags&GRE_KEY)) diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c index 5341ed06f..daf00a480 100644 --- a/lib/netdev-linux.c +++ b/lib/netdev-linux.c @@ -316,7 +316,7 @@ setup_gre_netlink(const char *name OVS_UNUSED, nl_msg_put_u32(&request, IFLA_GRE_LOCAL, config->local_ip); nl_msg_put_u32(&request, IFLA_GRE_REMOTE, config->remote_ip); nl_msg_put_u8(&request, IFLA_GRE_PMTUDISC, pmtudisc); - nl_msg_put_u8(&request, IFLA_GRE_TTL, 0); + nl_msg_put_u8(&request, IFLA_GRE_TTL, IPDEFTTL); nl_msg_put_u8(&request, IFLA_GRE_TOS, 0); info_data_hdr->nla_len = (char *)ofpbuf_tail(&request) @@ -356,6 +356,7 @@ setup_gre_ioctl(const char *name, struct gre_config *config, bool create) p.iph.protocol = IPPROTO_GRE; p.iph.saddr = config->local_ip; p.iph.daddr = config->remote_ip; + p.iph.ttl = IPDEFTTL; if (config->have_in_key) { p.i_flags |= GRE_KEY; -- 2.43.0