Add some instruction in the proper way that can be enabled on the
demand to debug problems. Let's make it quite verbose at this stage
to relax this later.
Make sure debugfs is mounted:
# mount -t debugfs nodev /sys/kernel/debug
To enable:
echo -n 'file gtp.c +p' > /sys/kernel/debug/dynamic_debug/control
To disable:
echo -n 'file gtp.c -p' > /sys/kernel/debug/dynamic_debug/control
More information here on how to use this: http://lwn.net/Articles/434856/
This function allows you to check if there is a MS address or TEID
that already exists in the gtp forwarding base in a very fast way,
without having to dump the entire forwarding base and doing a search
from userspace.
With this fix, osmo-sgsn doesn't ignore our tunneled packet
anymore. It was complaining about incorrect packet length
for received packets.
And osmo-ggsn is working in my testbed :-).
TS 29.060 expresses thing is a quite complicated way just to say
that if any of the optional fields is there, then all optional
fields become mandatory :-).
"This field shall be present if and only if any one or more of the S,
PN and E flags are set.".
So, if any flag is set, we *always* have 4 extra bytes.
We cannot strip the UDP header until we are sure that this is
a data packet, otherwise this passes a malformed packet to
userspace. The header stripping is now the very last operation
in the processing of GTP packets.
openggsn already sets up the UDP sockets that we need for the control
and user planes of GTP. Since we cannot bind two UDP sockets (one from
userspace and another from the kernel) to the same port, change the
current code to pass the socket descriptors that has been allocated
by openggsn (or whatever daemon which uses the GTP kernel
infrastructure).
Two new attributes are added to set up the tunnel device: IFLA_GTP_FD0
(for GTP0) and IFLA_GTP_FD1 (for GTP1u), which specify the UDP socket
created from userspace. Thus, the GTP kernel code only takes care of
enabling the kernel UDP encapsulation routine.
* Conditional check if we can pull the extensions (if any).
* Pull the GTPv1 header (8 bytes) and the extensions (if any).
Tested with emulated replayed pcap traffic, works for me.
Don't use the inner header frag_off, this breaks GTP with fragments.
Instead, inconditionally set the DF flag, this should force us to
fragment the GTP traffic and I think this should also help with wrong
network topologies that result in network loops (that may
encapsulated GTP traffic over and over again).
Other tunnel implementation allows you to configure this.
This patch converts GTP_CMD_CFG_* genetlink commands to rtnl to
configure the socket address and the hashtable. The trick is to
use a workqueue to configure the socket.
This simplifies the netlink interface, now we have two:
* One to bring up the interface and the socket via rtnl.
* Another to configure tunnels / GTP version.
Before the socket configuration was separated from the the device
setup, which was sloppy.
Don't get confused with big GSO packets, we should not send
icmp frag needed as the temporary internal mtu of the linux
stack is not bounded to the real device mtu.
Fix MTU handling by using the real device hardware address length
and substract the IP header + UDP header + GTPvX header.
While at it, remove flags that are not required to be reset.
This patch refactorizes the xmit path to consolidate the common
handling and move the specific IPv4/IPv6 handling to helper
functions. The IPv6 support is incomplete though.
This patch adds the struct gtp_pktinfo that contains the context
information for tunneling this packet. This should help to avoid
functions with lots of parameters.
Tested with IPv4, still working.
Harald's code was originally dropping malformed packets. Once this
code is ported to 3.14, we'll likely use iptunnel functions that
also mangle the checksum after stripping off the UDP header. Restoring
all that is expensive, so let's assume that malformed GTP packets are
unlikely to happen.
We cannot rely on the skb->len > sizeof(struct udphdr) checking that
happens just before the encapsulation since that doesn't guarantee
that the UDP header is linear. Calling __skb_pull may result in getting
us out of the skbuff head boundary. Let's use pskb_may_pull() instead
which internally calls __pskb_pull_tail() to linearize the UDP header
if needed.
This call is not required at all. In __udp4_lib_rcv, just before
the encapsulation routine is called, the skb_steal_sock() call
makes sure that skb->sk is always null.
The lists of the hashtable are already protected by rcu and
addition/removal of objects is protected via rtnl_lock and
genl_lock.
Remove the _bh from many rcu_read_{lock,unlock}(). I don't find a good
reason to disable bottom halves.
I think it's very hard to deploy any hashbomb attack since the
entries are created via netlink, but let's just avoid that someone
generates traffic to spend cycles on a busy hashtable chain.
We already use a hashtable, the size is still hardcoded but that
should be easy to fix. I think the hashtable is just fine, no
need to add a rb-tree here.
* gtp_nl.h now contains exported netlink attributes and commands to
userspace.
* gtp.h contains internal definition for the GTP protocol implementation.
Pablo Neira Ayuso