if_geneve: Add Support for Geneve (RFC8926)

geneve creates a generic network virtualization tunnel interface
for Tentant Systems over an L3 (IP/UDP) underlay network that provides
a Layer 2 (ethernet) or Layer 3 service using the geneve protocol.
This implementation is based on RFC8926.

Reviewed by:	glebius, adrian
Discussed with:	zlei, kp
Relnotes:	yes
Differential Revision: https://reviews.freebsd.org/D54172
This commit is contained in:
Pouria Mousavizadeh Tehrani
2026-04-11 17:42:01 +03:30
parent eb5165bb49
commit e44d2e941e
13 changed files with 4115 additions and 7 deletions
+4
View File
@@ -880,6 +880,10 @@ device vlan
# frames in UDP packets according to RFC7348.
device vxlan
# The `geneve' device implements the GENEVE encapsulation of virtual
# overlays according to RFC8926.
device geneve
# The `wlan' device provides generic code to support 802.11
# drivers, including host AP mode; it is MANDATORY for the wi,
# and ath drivers and will eventually be required by all 802.11 drivers.
+1
View File
@@ -4238,6 +4238,7 @@ net/if_stf.c optional stf inet inet6
net/if_tuntap.c optional tuntap
net/if_vlan.c optional vlan
net/if_vxlan.c optional vxlan inet | vxlan inet6
net/if_geneve.c optional geneve inet | geneve inet6
net/ifdi_if.m optional ether pci iflib
net/iflib.c optional ether pci iflib
net/mp_ring.c optional ether iflib
+1
View File
@@ -4385,6 +4385,7 @@ prison_priv_check(struct ucred *cred, int priv)
case PRIV_NET_SETIFVNET:
case PRIV_NET_SETIFFIB:
case PRIV_NET_OVPN:
case PRIV_NET_GENEVE:
case PRIV_NET_ME:
case PRIV_NET_WG:
+1
View File
@@ -169,6 +169,7 @@ SUBDIR= \
if_tuntap \
if_vlan \
if_vxlan \
if_geneve \
${_if_wg} \
iflib \
${_igc} \
+7
View File
@@ -0,0 +1,7 @@
.PATH: ${SRCTOP}/sys/net
KMOD= if_geneve
SRCS= if_geneve.c
SRCS+= opt_inet.h opt_inet6.h
.include <bsd.kmod.mk>
+2
View File
@@ -2273,6 +2273,8 @@ const struct ifcap_nv_bit_name ifcap2_nv_bit_names[] = {
CAP2NV(RXTLS4),
CAP2NV(RXTLS6),
CAP2NV(IPSEC_OFFLOAD),
CAP2NV(GENEVE_HWCSUM),
CAP2NV(GENEVE_HWTSO),
{0, NULL}
};
#undef CAPNV
+5 -1
View File
@@ -255,7 +255,9 @@ struct if_data {
#define IFCAP_B_RXTLS4 32 /* can do TLS receive for TCP */
#define IFCAP_B_RXTLS6 33 /* can do TLS receive for TCP6 */
#define IFCAP_B_IPSEC_OFFLOAD 34 /* inline IPSEC offload */
#define __IFCAP_B_SIZE 35
#define IFCAP_B_GENEVE_HWCSUM 35 /* can do IFCAN_HWCSUM on GENEVE */
#define IFCAP_B_GENEVE_HWTSO 36 /* can do IFCAP_TSO on GENEVE */
#define __IFCAP_B_SIZE 37
#define IFCAP_B_MAX (__IFCAP_B_MAX - 1)
#define IFCAP_B_SIZE (__IFCAP_B_SIZE)
@@ -299,6 +301,8 @@ struct if_data {
#define IFCAP2_RXTLS4 (IFCAP_B_RXTLS4 - 32)
#define IFCAP2_RXTLS6 (IFCAP_B_RXTLS6 - 32)
#define IFCAP2_IPSEC_OFFLOAD (IFCAP_B_IPSEC_OFFLOAD - 32)
#define IFCAP2_GENEVE_HWCSUM (IFCAP_B_GENEVE_HWCSUM - 32)
#define IFCAP2_GENEVE_HWTSO (IFCAP_B_GENEVE_HWTSO - 32)
#define IFCAP2_BIT(x) (1UL << (x))
+3967
View File
File diff suppressed because it is too large Load Diff
+70
View File
@@ -0,0 +1,70 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2025-2026 Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef _NET_IF_GENEVE_H_
#define _NET_IF_GENEVE_H_
#include <sys/types.h>
#ifdef _KERNEL
struct genevehdr {
#if BYTE_ORDER == LITTLE_ENDIAN
uint8_t geneve_optlen:6, /* Opt Len */
geneve_ver:2; /* version */
uint8_t geneve_flags:6, /* GENEVE Flags */
geneve_critical:1, /* critical options present */
geneve_control:1; /* control packets */
#endif
#if BYTE_ORDER == BIG_ENDIAN
uint8_t geneve_ver:2, /* version */
geneve_optlen:6; /* Opt Len */
uint8_t geneve_control:1, /* control packets */
geneve_critical:1, /* critical options present */
geneve_flags:6; /* GENEVE Flags */
#endif
uint16_t geneve_proto; /* protocol type (follows Ethertypes) */
uint32_t geneve_vni; /* virtual network identifier */
} __packed;
struct geneveudphdr {
struct udphdr geneve_udp;
struct genevehdr geneve_hdr;
} __packed;
#endif /* _KERNEL */
struct geneve_params {
uint16_t ifla_proto;
};
#define GENEVE_VNI_MAX (1 << 24)
#define GENEVE_PROTO_ETHER 0x6558 /* Ethernet */
#define GENEVE_PROTO_INHERIT 0x0 /* inherit inner layer 3 headers */
#define GENEVE_UDPPORT 6081
#endif /* _NET_IF_GENEVE_H_ */
+9 -3
View File
@@ -61,10 +61,14 @@
#define IFCAP_RXTLS4_NAME "RXTLS4"
#define IFCAP_RXTLS6_NAME "RXTLS6"
#define IFCAP_IPSEC_OFFLOAD_NAME "IPSEC"
#define IFCAP_GENEVE_HWCSUM_NAME "GENEVE_HWCSUM"
#define IFCAP_GENEVE_HWTSO_NAME "GENEVE_HWTSO"
#define IFCAP2_RXTLS4_NAME IFCAP_RXTLS4_NAME
#define IFCAP2_RXTLS6_NAME IFCAP_RXTLS6_NAME
#define IFCAP2_IPSEC_OFFLOAD_NAME IFCAP_IPSEC_OFFLOAD_NAME
#define IFCAP2_RXTLS4_NAME IFCAP_RXTLS4_NAME
#define IFCAP2_RXTLS6_NAME IFCAP_RXTLS6_NAME
#define IFCAP2_IPSEC_OFFLOAD_NAME IFCAP_IPSEC_OFFLOAD_NAME
#define IFCAP2_GENEVE_HWCSUM_NAME IFCAP_GENEVE_HWCSUM_NAME
#define IFCAP2_GENEVE_HWTSO_NAME IFCAP_GENEVE_HWTSO_NAME
#ifdef _WANT_IFCAP_BIT_NAMES
static const char *ifcap_bit_names[] = {
@@ -103,6 +107,8 @@ static const char *ifcap_bit_names[] = {
IFCAP_RXTLS4_NAME,
IFCAP_RXTLS6_NAME,
IFCAP_IPSEC_OFFLOAD_NAME,
IFCAP_GENEVE_HWCSUM_NAME,
IFCAP_GENEVE_HWTSO_NAME,
};
#ifdef IFCAP_B_SIZE
+44
View File
@@ -286,4 +286,48 @@ enum {
#define IFLA_GRE_MAX (__IFLA_GRE_MAX - 1)
/* IFLA_INFO_DATA geneve attributes */
enum {
IFLA_GENEVE_UNSPEC,
IFLA_GENEVE_ID,
IFLA_GENEVE_PROTOCOL,
IFLA_GENEVE_LOCAL,
IFLA_GENEVE_REMOTE,
IFLA_GENEVE_LOCAL_PORT,
IFLA_GENEVE_PORT,
IFLA_GENEVE_PORT_RANGE,
IFLA_GENEVE_DF,
IFLA_GENEVE_TTL,
IFLA_GENEVE_TTL_INHERIT,
IFLA_GENEVE_DSCP_INHERIT,
IFLA_GENEVE_COLLECT_METADATA,
IFLA_GENEVE_FTABLE_LEARN,
IFLA_GENEVE_FTABLE_FLUSH,
IFLA_GENEVE_FTABLE_MAX,
IFLA_GENEVE_FTABLE_TIMEOUT,
IFLA_GENEVE_FTABLE_COUNT,
IFLA_GENEVE_FTABLE_NOSPACE_CNT,
IFLA_GENEVE_FTABLE_LOCK_UP_FAIL_CNT,
IFLA_GENEVE_MC_IFNAME,
IFLA_GENEVE_MC_IFINDEX,
IFLA_GENEVE_TXCSUM_CNT,
IFLA_GENEVE_TSO_CNT,
IFLA_GENEVE_RXCSUM_CNT,
__IFLA_GENEVE_MAX,
};
#define IFLA_GENEVE_MAX (__IFLA_GENEVE_MAX - 1)
enum ifla_geneve_df {
IFLA_GENEVE_DF_UNSET,
IFLA_GENEVE_DF_SET,
IFLA_GENEVE_DF_INHERIT,
__IFLA_GENEVE_DF_MAX,
};
#define IFLA_GENEVE_DF_MAX (__IFLA_GENEVE_DF_MAX - 1)
struct ifla_geneve_port_range {
uint16_t low;
uint16_t high;
};
#endif
+3 -3
View File
@@ -680,7 +680,7 @@ m_epg_pagelen(const struct mbuf *m, int pidx, int pgoff)
#define CSUM_INNER_IP_TSO 0x00020000
#define CSUM_ENCAP_VXLAN 0x00040000 /* VXLAN outer encapsulation */
#define CSUM_ENCAP_RSVD1 0x00080000
#define CSUM_ENCAP_GENEVE 0x00080000 /* GENEVE outer encapsulation */
/* Flags used to indicate that the checksum was verified by hardware. */
#define CSUM_INNER_L3_CALC 0x00100000
@@ -702,7 +702,7 @@ m_epg_pagelen(const struct mbuf *m, int pidx, int pgoff)
CSUM_INNER_IP6_TSO | CSUM_IP6_UDP | CSUM_IP6_TCP | CSUM_IP6_SCTP | \
CSUM_IP6_TSO | CSUM_IP6_ISCSI | CSUM_INNER_IP | CSUM_INNER_IP_UDP | \
CSUM_INNER_IP_TCP | CSUM_INNER_IP_TSO | CSUM_ENCAP_VXLAN | \
CSUM_ENCAP_RSVD1 | CSUM_SND_TAG)
CSUM_ENCAP_GENEVE | CSUM_SND_TAG)
#define CSUM_FLAGS_RX (CSUM_INNER_L3_CALC | CSUM_INNER_L3_VALID | \
CSUM_INNER_L4_CALC | CSUM_INNER_L4_VALID | CSUM_L3_CALC | CSUM_L3_VALID | \
@@ -718,7 +718,7 @@ m_epg_pagelen(const struct mbuf *m, int pidx, int pgoff)
"\11CSUM_INNER_IP6_TSO\12CSUM_IP6_UDP\13CSUM_IP6_TCP\14CSUM_IP6_SCTP" \
"\15CSUM_IP6_TSO\16CSUM_IP6_ISCSI\17CSUM_INNER_IP\20CSUM_INNER_IP_UDP" \
"\21CSUM_INNER_IP_TCP\22CSUM_INNER_IP_TSO\23CSUM_ENCAP_VXLAN" \
"\24CSUM_ENCAP_RSVD1\25CSUM_INNER_L3_CALC\26CSUM_INNER_L3_VALID" \
"\24CSUM_ENCAP_GENEVE\25CSUM_INNER_L3_CALC\26CSUM_INNER_L3_VALID" \
"\27CSUM_INNER_L4_CALC\30CSUM_INNER_L4_VALID\31CSUM_L3_CALC" \
"\32CSUM_L3_VALID\33CSUM_L4_CALC\34CSUM_L4_VALID\35CSUM_L5_CALC" \
"\36CSUM_L5_VALID\37CSUM_COALESCED\40CSUM_SND_TAG"
+1
View File
@@ -355,6 +355,7 @@
#define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
#define PRIV_NET_ME 423 /* Administer ME interface. */
#define PRIV_NET_WG 424 /* Administer WireGuard interface. */
#define PRIV_NET_GENEVE 425 /* Administer geneve. */
/*
* 802.11-related privileges.