xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode
Allow specifying the xfrm interface if_id and link as part of a route metadata using the lwtunnel infrastructure. This allows for example using a single xfrm interface in collect_md mode as the target of multiple routes each specifying a different if_id. With the appropriate changes to iproute2, considering an xfrm device ipsec1 in collect_md mode one can for example add a route specifying an if_id like so: ip route add <SUBNET> dev ipsec1 encap xfrm if_id 1 In which case traffic routed to the device via this route would use if_id in the xfrm interface policy lookup. Or in the context of vrf, one can also specify the "link" property: ip route add <SUBNET> dev ipsec1 encap xfrm if_id 1 link_dev eth15 Note: LWT_XFRM_LINK uses NLA_U32 similar to IFLA_XFRM_LINK even though internally "link" is signed. This is consistent with other _LINK attributes in other devices as well as in bpf and should not have an effect as device indexes can't be negative. Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Eyal Birger
Steffen Klassert
parent
abc340b38b
commit
2c2493b9da
4 changed files with 107 additions and 0 deletions
|
|
@ -15,6 +15,7 @@ enum lwtunnel_encap_types {
|
|||
LWTUNNEL_ENCAP_SEG6_LOCAL,
|
||||
LWTUNNEL_ENCAP_RPL,
|
||||
LWTUNNEL_ENCAP_IOAM6,
|
||||
LWTUNNEL_ENCAP_XFRM,
|
||||
__LWTUNNEL_ENCAP_MAX,
|
||||
};
|
||||
|
||||
|
|
@ -111,4 +112,13 @@ enum {
|
|||
|
||||
#define LWT_BPF_MAX_HEADROOM 256
|
||||
|
||||
enum {
|
||||
LWT_XFRM_UNSPEC,
|
||||
LWT_XFRM_IF_ID,
|
||||
LWT_XFRM_LINK,
|
||||
__LWT_XFRM_MAX,
|
||||
};
|
||||
|
||||
#define LWT_XFRM_MAX (__LWT_XFRM_MAX - 1)
|
||||
|
||||
#endif /* _UAPI_LWTUNNEL_H_ */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue