penguin/monok8s
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Got cmm working

Browse Source
This commit is contained in:
斟酌 鵬兄
2026-05-11 07:01:39 +08:00
parent 35f2edc0b5
commit 7411e1994b
23 changed files with 213 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
patches/ask/upstream/kernel/0112-net__ipv6__ip6_output.c.patch Normal file
View File

@@ -0,0 +1,73 @@
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index f904739..e26e743 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -80,6 +80,13 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *
hdr = ipv6_hdr(skb);
daddr = &hdr->daddr;
+#if defined(CONFIG_INET6_IPSEC_OFFLOAD)
+ /* For IPv4 over IPv6 IPsec tunnel cases, just send the packet out
+ * since the packet is IPv4
+ */
+ if((skb->ipsec_offload) && (hdr->version == 4))
+ goto sendout;
+#endif /* endif for CONFIG_INET6_IPSEC_OFFLOAD */
if (ipv6_addr_is_multicast(daddr)) {
if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
((mroute6_is_socket(net, skb) &&
@@ -111,6 +118,9 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *
}
}
+#if defined(CONFIG_INET6_IPSEC_OFFLOAD)
+sendout:
+#endif /* endif for CONFIG_INET6_IPSEC_OFFLOAD */
if (lwtunnel_xmit_redirect(dst->lwtstate)) {
int res = lwtunnel_xmit(skb);
@@ -202,8 +212,15 @@ static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff
if (skb_is_gso(skb))
return ip6_finish_output_gso(net, sk, skb, mtu);
- if (skb->len > mtu ||
- (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
+ if (
+#if defined(CONFIG_INET6_IPSEC_OFFLOAD)
+ /* If ipsec offload is there, do not do fragment. So, when IPSec
+ * offload is enabled it directly calls ip6_finish_output2
+ */
+ (skb->ipsec_offload == 0) &&
+#endif
+ ((skb->len > mtu) ||
+ (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)))
return ip6_fragment(net, sk, skb, ip6_finish_output2);
return ip6_finish_output2(net, sk, skb);
@@ -244,6 +261,16 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
return 0;
}
+#if defined(CONFIG_INET6_IPSEC_OFFLOAD)
+ /* Bypass invoking post routing hooks since the tunnel header and ESP
+ * processing is not done in slow path for IPSec offloaded cases
+ */
+ if (skb->ipsec_offload) {
+ ret = ip6_finish_output(net, sk, skb);
+ rcu_read_unlock();
+ return ret;
+ }
+#endif
ret = NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
net, sk, skb, indev, dev,
ip6_finish_output,
@@ -697,6 +724,9 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
skb_dst_set(to, dst_clone(skb_dst(from)));
to->dev = from->dev;
to->mark = from->mark;
+#if defined(CONFIG_CPE_FAST_PATH)
+ to->qosmark = from->qosmark;
+#endif
skb_copy_hash(to, from);