documentation/networking: update l2tp docs
l2tp no longer uses sk_user_data in tunnel sockets and now manages tunnel/session lifetimes slightly differently. Update docs to cover this. CC: linux-doc@vger.kernel.org CC: corbet@lwn.net Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
James Chapman
David S. Miller
parent
bbfeba2603
commit
e2b1762cf3
@ -638,9 +638,8 @@ Tunnels are identified by a unique tunnel id. The id is 16-bit for
|
|||||||
L2TPv2 and 32-bit for L2TPv3. Internally, the id is stored as a 32-bit
|
L2TPv2 and 32-bit for L2TPv3. Internally, the id is stored as a 32-bit
|
||||||
value.
|
value.
|
||||||
|
|
||||||
Tunnels are kept in a per-net list, indexed by tunnel id. The tunnel
|
Tunnels are kept in a per-net list, indexed by tunnel id. The
|
||||||
id namespace is shared by L2TPv2 and L2TPv3. The tunnel context can be
|
tunnel id namespace is shared by L2TPv2 and L2TPv3.
|
||||||
derived from the socket's sk_user_data.
|
|
||||||
|
|
||||||
Handling tunnel socket close is perhaps the most tricky part of the
|
Handling tunnel socket close is perhaps the most tricky part of the
|
||||||
L2TP implementation. If userspace closes a tunnel socket, the L2TP
|
L2TP implementation. If userspace closes a tunnel socket, the L2TP
|
||||||
@ -652,9 +651,7 @@ socket's encap_destroy handler is invoked, which L2TP uses to initiate
|
|||||||
its tunnel close actions. For L2TPIP sockets, the socket's close
|
its tunnel close actions. For L2TPIP sockets, the socket's close
|
||||||
handler initiates the same tunnel close actions. All sessions are
|
handler initiates the same tunnel close actions. All sessions are
|
||||||
first closed. Each session drops its tunnel ref. When the tunnel ref
|
first closed. Each session drops its tunnel ref. When the tunnel ref
|
||||||
reaches zero, the tunnel puts its socket ref. When the socket is
|
reaches zero, the tunnel drops its socket ref.
|
||||||
eventually destroyed, its sk_destruct finally frees the L2TP tunnel
|
|
||||||
context.
|
|
||||||
|
|
||||||
Sessions
|
Sessions
|
||||||
--------
|
--------
|
||||||
@ -667,10 +664,7 @@ pseudowire) or other data types such as PPP, ATM, HDLC or Frame
|
|||||||
Relay. Linux currently implements only Ethernet and PPP session types.
|
Relay. Linux currently implements only Ethernet and PPP session types.
|
||||||
|
|
||||||
Some L2TP session types also have a socket (PPP pseudowires) while
|
Some L2TP session types also have a socket (PPP pseudowires) while
|
||||||
others do not (Ethernet pseudowires). We can't therefore use the
|
others do not (Ethernet pseudowires).
|
||||||
socket reference count as the reference count for session
|
|
||||||
contexts. The L2TP implementation therefore has its own internal
|
|
||||||
reference counts on the session contexts.
|
|
||||||
|
|
||||||
Like tunnels, L2TP sessions are identified by a unique
|
Like tunnels, L2TP sessions are identified by a unique
|
||||||
session id. Just as with tunnel ids, the session id is 16-bit for
|
session id. Just as with tunnel ids, the session id is 16-bit for
|
||||||
@ -680,21 +674,19 @@ value.
|
|||||||
Sessions hold a ref on their parent tunnel to ensure that the tunnel
|
Sessions hold a ref on their parent tunnel to ensure that the tunnel
|
||||||
stays extant while one or more sessions references it.
|
stays extant while one or more sessions references it.
|
||||||
|
|
||||||
Sessions are kept in a per-tunnel list, indexed by session id. L2TPv3
|
Sessions are kept in a per-net list. L2TPv2 sessions and L2TPv3
|
||||||
sessions are also kept in a per-net list indexed by session id,
|
sessions are stored in separate lists. L2TPv2 sessions are keyed
|
||||||
because L2TPv3 session ids are unique across all tunnels and L2TPv3
|
by a 32-bit key made up of the 16-bit tunnel ID and 16-bit
|
||||||
data packets do not contain a tunnel id in the header. This list is
|
session ID. L2TPv3 sessions are keyed by the 32-bit session ID, since
|
||||||
therefore needed to find the session context associated with a
|
L2TPv3 session ids are unique across all tunnels.
|
||||||
received data packet when the tunnel context cannot be derived from
|
|
||||||
the tunnel socket.
|
|
||||||
|
|
||||||
Although the L2TPv3 RFC specifies that L2TPv3 session ids are not
|
Although the L2TPv3 RFC specifies that L2TPv3 session ids are not
|
||||||
scoped by the tunnel, the kernel does not police this for L2TPv3 UDP
|
scoped by the tunnel, the Linux implementation has historically
|
||||||
tunnels and does not add sessions of L2TPv3 UDP tunnels into the
|
allowed this. Such session id collisions are supported using a per-net
|
||||||
per-net session list. In the UDP receive code, we must trust that the
|
hash table keyed by sk and session ID. When looking up L2TPv3
|
||||||
tunnel can be identified using the tunnel socket's sk_user_data and
|
sessions, the list entry may link to multiple sessions with that
|
||||||
lookup the session in the tunnel's session list instead of the per-net
|
session ID, in which case the session matching the given sk (tunnel)
|
||||||
session list.
|
is used.
|
||||||
|
|
||||||
PPP
|
PPP
|
||||||
---
|
---
|
||||||
@ -714,10 +706,9 @@ The L2TP PPP implementation handles the closing of a PPPoL2TP socket
|
|||||||
by closing its corresponding L2TP session. This is complicated because
|
by closing its corresponding L2TP session. This is complicated because
|
||||||
it must consider racing with netlink session create/destroy requests
|
it must consider racing with netlink session create/destroy requests
|
||||||
and pppol2tp_connect trying to reconnect with a session that is in the
|
and pppol2tp_connect trying to reconnect with a session that is in the
|
||||||
process of being closed. Unlike tunnels, PPP sessions do not hold a
|
process of being closed. PPP sessions hold a ref on their associated
|
||||||
ref on their associated socket, so code must be careful to sock_hold
|
socket in order that the socket remains extants while the session
|
||||||
the socket where necessary. For all the details, see commit
|
references it.
|
||||||
3d609342cc04129ff7568e19316ce3d7451a27e8.
|
|
||||||
|
|
||||||
Ethernet
|
Ethernet
|
||||||
--------
|
--------
|
||||||
@ -761,15 +752,10 @@ Limitations
|
|||||||
|
|
||||||
The current implementation has a number of limitations:
|
The current implementation has a number of limitations:
|
||||||
|
|
||||||
1) Multiple UDP sockets with the same 5-tuple address cannot be
|
1) Interfacing with openvswitch is not yet implemented. It may be
|
||||||
used. The kernel's tunnel context is identified using private
|
|
||||||
data associated with the socket so it is important that each
|
|
||||||
socket is uniquely identified by its address.
|
|
||||||
|
|
||||||
2) Interfacing with openvswitch is not yet implemented. It may be
|
|
||||||
useful to map OVS Ethernet and VLAN ports into L2TPv3 tunnels.
|
useful to map OVS Ethernet and VLAN ports into L2TPv3 tunnels.
|
||||||
|
|
||||||
3) VLAN pseudowires are implemented using an ``l2tpethN`` interface
|
2) VLAN pseudowires are implemented using an ``l2tpethN`` interface
|
||||||
configured with a VLAN sub-interface. Since L2TPv3 VLAN
|
configured with a VLAN sub-interface. Since L2TPv3 VLAN
|
||||||
pseudowires carry one and only one VLAN, it may be better to use
|
pseudowires carry one and only one VLAN, it may be better to use
|
||||||
a single netdevice rather than an ``l2tpethN`` and ``l2tpethN``:M
|
a single netdevice rather than an ``l2tpethN`` and ``l2tpethN``:M
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user