This patch adds the libgtpnl library. Harald mentioned that he wanted
that the specific code that is added is well encapsulated, so let's
start a small library to interact with the GTP kernel module via netlink
interface.
This was done a bit while in the rush, so the interfaces are not nice
at all and the tools need to be ported on top of this library.
This library will be used to integrate openggsn with the GTP kernel
module.
* Conditional check if we can pull the extensions (if any).
* Pull the GTPv1 header (8 bytes) and the extensions (if any).
Tested with emulated replayed pcap traffic, works for me.
Don't use the inner header frag_off, this breaks GTP with fragments.
Instead, inconditionally set the DF flag, this should force us to
fragment the GTP traffic and I think this should also help with wrong
network topologies that result in network loops (that may
encapsulated GTP traffic over and over again).
Other tunnel implementation allows you to configure this.
This patch converts GTP_CMD_CFG_* genetlink commands to rtnl to
configure the socket address and the hashtable. The trick is to
use a workqueue to configure the socket.
This simplifies the netlink interface, now we have two:
* One to bring up the interface and the socket via rtnl.
* Another to configure tunnels / GTP version.
Before the socket configuration was separated from the the device
setup, which was sloppy.
Don't get confused with big GSO packets, we should not send
icmp frag needed as the temporary internal mtu of the linux
stack is not bounded to the real device mtu.
Fix MTU handling by using the real device hardware address length
and substract the IP header + UDP header + GTPvX header.
While at it, remove flags that are not required to be reset.
This patch refactorizes the xmit path to consolidate the common
handling and move the specific IPv4/IPv6 handling to helper
functions. The IPv6 support is incomplete though.
This patch adds the struct gtp_pktinfo that contains the context
information for tunneling this packet. This should help to avoid
functions with lots of parameters.
Tested with IPv4, still working.
Harald's code was originally dropping malformed packets. Once this
code is ported to 3.14, we'll likely use iptunnel functions that
also mangle the checksum after stripping off the UDP header. Restoring
all that is expensive, so let's assume that malformed GTP packets are
unlikely to happen.
We cannot rely on the skb->len > sizeof(struct udphdr) checking that
happens just before the encapsulation since that doesn't guarantee
that the UDP header is linear. Calling __skb_pull may result in getting
us out of the skbuff head boundary. Let's use pskb_may_pull() instead
which internally calls __pskb_pull_tail() to linearize the UDP header
if needed.
This call is not required at all. In __udp4_lib_rcv, just before
the encapsulation routine is called, the skb_steal_sock() call
makes sure that skb->sk is always null.
The lists of the hashtable are already protected by rcu and
addition/removal of objects is protected via rtnl_lock and
genl_lock.
Remove the _bh from many rcu_read_{lock,unlock}(). I don't find a good
reason to disable bottom halves.
I think it's very hard to deploy any hashbomb attack since the
entries are created via netlink, but let's just avoid that someone
generates traffic to spend cycles on a busy hashtable chain.
We already use a hashtable, the size is still hardcoded but that
should be easy to fix. I think the hashtable is just fine, no
need to add a rb-tree here.
* gtp_nl.h now contains exported netlink attributes and commands to
userspace.
* gtp.h contains internal definition for the GTP protocol implementation.
Pablo Neira Ayuso