1. 05 6月, 2008 1 次提交
  2. 16 4月, 2008 2 次提交
  3. 11 11月, 2007 2 次提交
  4. 14 2月, 2007 1 次提交
  5. 10 4月, 2006 1 次提交
    • H
      [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 · 50fba2aa
      Herbert Xu 提交于
      This patch moves the sending of ICMP messages when there are no IPv4/IPv6
      tunnels present to tunnel4/tunnel6 respectively.  Please note that for now
      if xfrm4_tunnel/xfrm6_tunnel is loaded then no ICMP messages will ever be
      sent.  This is similar to how we handle AH/ESP/IPCOMP.
      
      This move fixes the bug where we always send an ICMP message when there is
      no ip6_tunnel device present for a given packet even if it is later handled
      by IPsec.  It also causes ICMP messages to be sent when no IPIP tunnel is
      present.
      
      I've decided to use the "port unreachable" ICMP message over the current
      value of "address unreachable" (and "protocol unreachable" by GRE) because
      it is not ambiguous unlike the other ones which can be triggered by other
      conditions.  There seems to be no standard specifying what value must be
      used so this change should be OK.  In fact we should change GRE to use
      this value as well.
      
      Incidentally, this patch also fixes a fairly serious bug in xfrm6_tunnel
      where we don't check whether the embedded IPv6 header is present before
      dereferencing it for the inside source address.
      
      This patch is inspired by a previous patch by Hugo Santos <hsantos@av.it.pt>.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      50fba2aa
  6. 29 3月, 2006 1 次提交
    • H
      [INET]: Introduce tunnel4/tunnel6 · d2acc347
      Herbert Xu 提交于
      Basically this patch moves the generic tunnel protocol stuff out of
      xfrm4_tunnel/xfrm6_tunnel and moves it into the new files of tunnel4.c
      and tunnel6 respectively.
      
      The reason for this is that the problem that Hugo uncovered is only
      the tip of the iceberg.  The real problem is that when we removed the
      dependency of ipip on xfrm4_tunnel we didn't really consider the module
      case at all.
      
      For instance, as it is it's possible to build both ipip and xfrm4_tunnel
      as modules and if the latter is loaded then ipip simply won't load.
      
      After considering the alternatives I've decided that the best way out of
      this is to restore the dependency of ipip on the non-xfrm-specific part
      of xfrm4_tunnel.  This is acceptable IMHO because the intention of the
      removal was really to be able to use ipip without the xfrm subsystem.
      This is still preserved by this patch.
      
      So now both ipip/xfrm4_tunnel depend on the new tunnel4.c which handles
      the arbitration between the two.  The order of processing is determined
      by a simple integer which ensures that ipip gets processed before
      xfrm4_tunnel.
      
      The situation for ICMP handling is a little bit more complicated since
      we may not have enough information to determine who it's for.  It's not
      a big deal at the moment since the xfrm ICMP handlers are basically
      no-ops.  In future we can deal with this when we look at ICMP caching
      in general.
      
      The user-visible change to this is the removal of the TUNNEL Kconfig
      prompts.  This makes sense because it can only be used through IPCOMP
      as it stands.
      
      The addition of the new modules shouldn't introduce any problems since
      module dependency will cause them to be loaded.
      
      Oh and I also turned some unnecessary pskb's in IPv6 related to this
      patch to skb's.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d2acc347