diff options
author | Shmulik Ladkani <shmulik.ladkani@gmail.com> | 2017-10-20 23:25:15 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-10-25 03:33:27 +0200 |
commit | 908d140a87a794bf89717ceae54aba5ce86c52e4 (patch) | |
tree | 37abafa4f9ebc332c7e646d44e1cf69440171204 /include | |
parent | Merge branch 'mlxsw-Various-fixes' (diff) | |
download | linux-908d140a87a794bf89717ceae54aba5ce86c52e4.tar.xz linux-908d140a87a794bf89717ceae54aba5ce86c52e4.zip |
ip6_tunnel: Allow rcv/xmit even if remote address is a local address
Currently, ip6_tnl_xmit_ctl drops tunneled packets if the remote
address (outer v6 destination) is one of host's locally configured
addresses.
Same applies to ip6_tnl_rcv_ctl: it drops packets if the remote address
(outer v6 source) is a local address.
This prevents using ipxip6 (and ip6_gre) tunnels whose local/remote
endpoints are on same host; OTOH v4 tunnels (ipip or gre) allow such
configurations.
An example where this proves useful is a system where entities are
identified by their unique v6 addresses, and use tunnels to encapsulate
traffic between them. The limitation prevents placing several entities
on same host.
Introduce IP6_TNL_F_ALLOW_LOCAL_REMOTE which allows to bypass this
restriction.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/uapi/linux/ip6_tunnel.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/ip6_tunnel.h b/include/uapi/linux/ip6_tunnel.h index 425926c467d7..ffebbe365478 100644 --- a/include/uapi/linux/ip6_tunnel.h +++ b/include/uapi/linux/ip6_tunnel.h @@ -20,6 +20,8 @@ #define IP6_TNL_F_RCV_DSCP_COPY 0x10 /* copy fwmark from inner packet */ #define IP6_TNL_F_USE_ORIG_FWMARK 0x20 +/* allow remote endpoint on the local node */ +#define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40 struct ip6_tnl_parm { char name[IFNAMSIZ]; /* name of tunnel device */ |