gre: Always set TTL on outer packet to 64.

Currently the TTL is copied from the inner packet of the tunnel to
the outer packet if the inner packet is IP.  This is good if your
GRE packets might make it into the input of your device but bad
if you want to be fully transparent.

This also resolves an inconsistency between tunnels set up using
the ioctl and using Netlink.  The ioctl version would force PMTUD
on if a fixed TTL is set as a backup way to prevent loops but it
never made it over to the newer Netlink code so obviously no one
cares too much about it.  This removes it to provide consistency
and transparency.

Basically, don't create loops and you will be happy.

diff --git a/datapath/linux-2.6/compat-2.6/ip_gre.c b/datapath/linux-2.6/compat-2.6/ip_gre.c
index da43f4535accebe86d7ab3b623f24c9a7186b245..2f46e05aef2dfdbcfc55092db908978142e41fd1 100644 (file)
--- a/datapath/linux-2.6/compat-2.6/ip_gre.c
+++ b/datapath/linux-2.6/compat-2.6/ip_gre.c
@@ -124,7 +124,11 @@
    fatal route to network, even if it were you who configured
    fatal static route: you are innocent. :-)
 
-
+   XXX: Forcing the DF flag on was done only when setting up tunnels via the
+       ioctl interface and not Netlink.  Since it prevents some operations
+       and isn't very transparent I removed it.  It seems nobody really
+       cared about it anyways.
+        Moral: don't create loops.
 
    3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
    practically identical code. It would be good to glue them
@@ -1101,9 +1105,6 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
                add_tunnel = (cmd == SIOCADDTUNNEL || cmd == SIOCADDGRETAP);
                gretap = (cmd == SIOCADDGRETAP || cmd == SIOCCHGGRETAP);
 
-               if (p.iph.ttl)
-                       p.iph.frag_off |= htons(IP_DF);
-
                if (!(p.i_flags&GRE_KEY))
                        p.i_key = 0;
                if (!(p.o_flags&GRE_KEY))

diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index 5341ed06f0fa0eabfbf8ce9503a29a01c27aad9e..daf00a480ea6f925f5b091ae447a85f0482c9d5b 100644 (file)
--- a/lib/netdev-linux.c
+++ b/lib/netdev-linux.c
@@ -316,7 +316,7 @@ setup_gre_netlink(const char *name OVS_UNUSED,
     nl_msg_put_u32(&request, IFLA_GRE_LOCAL, config->local_ip);
     nl_msg_put_u32(&request, IFLA_GRE_REMOTE, config->remote_ip);
     nl_msg_put_u8(&request, IFLA_GRE_PMTUDISC, pmtudisc);
-    nl_msg_put_u8(&request, IFLA_GRE_TTL, 0);
+    nl_msg_put_u8(&request, IFLA_GRE_TTL, IPDEFTTL);
     nl_msg_put_u8(&request, IFLA_GRE_TOS, 0);
 
     info_data_hdr->nla_len = (char *)ofpbuf_tail(&request)
@@ -356,6 +356,7 @@ setup_gre_ioctl(const char *name, struct gre_config *config, bool create)
     p.iph.protocol = IPPROTO_GRE;
     p.iph.saddr = config->local_ip;
     p.iph.daddr = config->remote_ip;
+    p.iph.ttl = IPDEFTTL;
 
     if (config->have_in_key) {
         p.i_flags |= GRE_KEY;