documentation/networking: update l2tp docs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

l2tp no longer uses sk_user_data in tunnel sockets and now manages
tunnel/session lifetimes slightly differently. Update docs to cover
this.

CC: linux-doc@vger.kernel.org
CC: corbet@lwn.net
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: Tom Parkin <tparkin@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

James Chapman and committed by

David S. Miller 2 years ago e2b1762c bbfeba26

+20 -34

1 changed file

expand all

Documentation

networking

l2tp.rst

+20 -34

Documentation/networking/l2tp.rst

··· 638 638 L2TPv2 and 32-bit for L2TPv3. Internally, the id is stored as a 32-bit 639 639 value. 640 640 641 - Tunnels are kept in a per-net list, indexed by tunnel id. The tunnel 642 - id namespace is shared by L2TPv2 and L2TPv3. The tunnel context can be 643 - derived from the socket's sk_user_data. 641 + Tunnels are kept in a per-net list, indexed by tunnel id. The 642 + tunnel id namespace is shared by L2TPv2 and L2TPv3. 644 643 645 644 Handling tunnel socket close is perhaps the most tricky part of the 646 645 L2TP implementation. If userspace closes a tunnel socket, the L2TP ··· 651 652 its tunnel close actions. For L2TPIP sockets, the socket's close 652 653 handler initiates the same tunnel close actions. All sessions are 653 654 first closed. Each session drops its tunnel ref. When the tunnel ref 654 - reaches zero, the tunnel puts its socket ref. When the socket is 655 - eventually destroyed, its sk_destruct finally frees the L2TP tunnel 656 - context. 655 + reaches zero, the tunnel drops its socket ref. 657 656 658 657 Sessions 659 658 -------- ··· 664 667 Relay. Linux currently implements only Ethernet and PPP session types. 665 668 666 669 Some L2TP session types also have a socket (PPP pseudowires) while 667 - others do not (Ethernet pseudowires). We can't therefore use the 668 - socket reference count as the reference count for session 669 - contexts. The L2TP implementation therefore has its own internal 670 - reference counts on the session contexts. 670 + others do not (Ethernet pseudowires). 671 671 672 672 Like tunnels, L2TP sessions are identified by a unique 673 673 session id. Just as with tunnel ids, the session id is 16-bit for ··· 674 680 Sessions hold a ref on their parent tunnel to ensure that the tunnel 675 681 stays extant while one or more sessions references it. 676 682 677 - Sessions are kept in a per-tunnel list, indexed by session id. L2TPv3 678 - sessions are also kept in a per-net list indexed by session id, 679 - because L2TPv3 session ids are unique across all tunnels and L2TPv3 680 - data packets do not contain a tunnel id in the header. This list is 681 - therefore needed to find the session context associated with a 682 - received data packet when the tunnel context cannot be derived from 683 - the tunnel socket. 683 + Sessions are kept in a per-net list. L2TPv2 sessions and L2TPv3 684 + sessions are stored in separate lists. L2TPv2 sessions are keyed 685 + by a 32-bit key made up of the 16-bit tunnel ID and 16-bit 686 + session ID. L2TPv3 sessions are keyed by the 32-bit session ID, since 687 + L2TPv3 session ids are unique across all tunnels. 684 688 685 689 Although the L2TPv3 RFC specifies that L2TPv3 session ids are not 686 - scoped by the tunnel, the kernel does not police this for L2TPv3 UDP 687 - tunnels and does not add sessions of L2TPv3 UDP tunnels into the 688 - per-net session list. In the UDP receive code, we must trust that the 689 - tunnel can be identified using the tunnel socket's sk_user_data and 690 - lookup the session in the tunnel's session list instead of the per-net 691 - session list. 690 + scoped by the tunnel, the Linux implementation has historically 691 + allowed this. Such session id collisions are supported using a per-net 692 + hash table keyed by sk and session ID. When looking up L2TPv3 693 + sessions, the list entry may link to multiple sessions with that 694 + session ID, in which case the session matching the given sk (tunnel) 695 + is used. 692 696 693 697 PPP 694 698 --- ··· 706 714 by closing its corresponding L2TP session. This is complicated because 707 715 it must consider racing with netlink session create/destroy requests 708 716 and pppol2tp_connect trying to reconnect with a session that is in the 709 - process of being closed. Unlike tunnels, PPP sessions do not hold a 710 - ref on their associated socket, so code must be careful to sock_hold 711 - the socket where necessary. For all the details, see commit 712 - 3d609342cc04129ff7568e19316ce3d7451a27e8. 717 + process of being closed. PPP sessions hold a ref on their associated 718 + socket in order that the socket remains extants while the session 719 + references it. 713 720 714 721 Ethernet 715 722 -------- ··· 752 761 753 762 The current implementation has a number of limitations: 754 763 755 - 1) Multiple UDP sockets with the same 5-tuple address cannot be 756 - used. The kernel's tunnel context is identified using private 757 - data associated with the socket so it is important that each 758 - socket is uniquely identified by its address. 759 - 760 - 2) Interfacing with openvswitch is not yet implemented. It may be 764 + 1) Interfacing with openvswitch is not yet implemented. It may be 761 765 useful to map OVS Ethernet and VLAN ports into L2TPv3 tunnels. 762 766 763 - 3) VLAN pseudowires are implemented using an ``l2tpethN`` interface 767 + 2) VLAN pseudowires are implemented using an ``l2tpethN`` interface 764 768 configured with a VLAN sub-interface. Since L2TPv3 VLAN 765 769 pseudowires carry one and only one VLAN, it may be better to use 766 770 a single netdevice rather than an ``l2tpethN`` and ``l2tpethN``:M