lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAF2d9jhZkA1YP_gRFAauNWHuGHuM2y171d0e56qj+dNw7gzGGw@mail.gmail.com>
Date:   Fri, 6 Jan 2017 15:46:49 -0800
From:   Mahesh Bandewar (महेश बंडेवार) 
        <maheshb@...gle.com>
To:     Sainath Grandhi <sainath.grandhi@...el.com>
Cc:     linux-netdev <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>, mahesh@...dewar.net,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCHv1 7/7] IPVTAP: IP-VLAN based tap driver

few superficial comments inline.

On Fri, Jan 6, 2017 at 2:33 PM, Sainath Grandhi
<sainath.grandhi@...el.com> wrote:
> This patch adds a tap character device driver that is based on the
> IP-VLAN network interface, called ipvtap. An ipvtap device can be created
> in the same way as an ipvlan device, using 'type ipvtap', and then accessed
> using the tap user space interface.
>
> Signed-off-by: Sainath Grandhi <sainath.grandhi@...el.com>
> Tested-by: Sainath Grandhi <sainath.grandhi@...el.com>
> ---
>  drivers/net/Kconfig              |  12 ++
>  drivers/net/Makefile             |   1 +
>  drivers/net/ipvlan/Makefile      |   1 +
>  drivers/net/ipvlan/ipvlan.h      |   7 ++
>  drivers/net/ipvlan/ipvlan_core.c |   5 +-
>  drivers/net/ipvlan/ipvlan_main.c |  37 +++---
>  drivers/net/ipvlan/ipvtap.c      | 238 +++++++++++++++++++++++++++++++++++++++
>  7 files changed, 282 insertions(+), 19 deletions(-)
>  create mode 100644 drivers/net/ipvlan/ipvtap.c
>
> diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
> index 280380d..ddfb30a 100644
> --- a/drivers/net/Kconfig
> +++ b/drivers/net/Kconfig
> @@ -165,6 +165,18 @@ config IPVLAN
>        To compile this driver as a module, choose M here: the module
>        will be called ipvlan.
>
> +config IPVTAP
> +        tristate "IP-VLAN based tap driver"
> +        depends on IPVLAN
> +        depends on INET
> +        help
> +          This adds a specialized tap character device driver that is based
> +          on the IP-VLAN network interface, called ipvtap. An ipvtap device
> +          can be added in the same way as a ipvlan device, using 'type
> +          ipvtap', and then be accessed through the tap user space interface.
> +
> +          To compile this driver as a module, choose M here: the module
> +          will be called macvtap.
>
>  config VXLAN
>         tristate "Virtual eXtensible Local Area Network (VXLAN)"
> diff --git a/drivers/net/Makefile b/drivers/net/Makefile
> index 7dd86ca..98ed4d9 100644
> --- a/drivers/net/Makefile
> +++ b/drivers/net/Makefile
> @@ -7,6 +7,7 @@
>  #
>  obj-$(CONFIG_BONDING) += bonding/
>  obj-$(CONFIG_IPVLAN) += ipvlan/
> +obj-$(CONFIG_IPVTAP) += ipvlan/
>  obj-$(CONFIG_DUMMY) += dummy.o
>  obj-$(CONFIG_EQUALIZER) += eql.o
>  obj-$(CONFIG_IFB) += ifb.o
> diff --git a/drivers/net/ipvlan/Makefile b/drivers/net/ipvlan/Makefile
> index df79910..8a2c64d 100644
> --- a/drivers/net/ipvlan/Makefile
> +++ b/drivers/net/ipvlan/Makefile
> @@ -3,5 +3,6 @@
>  #
>
>  obj-$(CONFIG_IPVLAN) += ipvlan.o
> +obj-$(CONFIG_IPVTAP) += ipvtap.o
>
>  ipvlan-objs := ipvlan_core.o ipvlan_main.o
> diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
> index dbfbb33..4362d88 100644
> --- a/drivers/net/ipvlan/ipvlan.h
> +++ b/drivers/net/ipvlan/ipvlan.h
> @@ -133,4 +133,11 @@ struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
>                               u16 proto);
>  unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
>                              const struct nf_hook_state *state);
> +void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
> +                    unsigned int len, bool success, bool mcast);
> +int ipvlan_link_new(struct net *src_net, struct net_device *dev,
> +                   struct nlattr *tb[], struct nlattr *data[]);
> +void ipvlan_link_delete(struct net_device *dev, struct list_head *head);
> +void ipvlan_link_setup(struct net_device *dev);
> +int ipvlan_link_register(struct rtnl_link_ops *ops);
>  #endif /* __IPVLAN_H */
> diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
> index 83ce74a..9af16ab 100644
> --- a/drivers/net/ipvlan/ipvlan_core.c
> +++ b/drivers/net/ipvlan/ipvlan_core.c
> @@ -16,8 +16,8 @@ void ipvlan_init_secret(void)
>         net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
>  }
>
> -static void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
> -                           unsigned int len, bool success, bool mcast)
> +void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
> +                    unsigned int len, bool success, bool mcast)
>  {
>         if (!ipvlan)
>                 return;
> @@ -36,6 +36,7 @@ static void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
>                 this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
>         }
>  }
> +EXPORT_SYMBOL_GPL(ipvlan_count_rx);
Why export, isn't just removing 'static' enough?
>
>  static u8 ipvlan_get_v6_hash(const void *iaddr)
>  {
> diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
> index 8b0f993..666a05d 100644
> --- a/drivers/net/ipvlan/ipvlan_main.c
> +++ b/drivers/net/ipvlan/ipvlan_main.c
> @@ -13,14 +13,14 @@ static u32 ipvl_nf_hook_refcnt = 0;
>
>  static struct nf_hook_ops ipvl_nfops[] __read_mostly = {
>         {
> -               .hook     = ipvlan_nf_input,
> -               .pf       = NFPROTO_IPV4,
> +               .hook     = ipvlan_nf_input,
> +               .pf       = NFPROTO_IPV4,
spurious?
>                 .hooknum  = NF_INET_LOCAL_IN,
>                 .priority = INT_MAX,
>         },
>         {
> -               .hook     = ipvlan_nf_input,
> -               .pf       = NFPROTO_IPV6,
> +               .hook     = ipvlan_nf_input,
> +               .pf       = NFPROTO_IPV6,
spurious??
>                 .hooknum  = NF_INET_LOCAL_IN,
>                 .priority = INT_MAX,
>         },
> @@ -398,7 +398,7 @@ static int ipvlan_hard_header(struct sk_buff *skb, struct net_device *dev,
>  }
>
>  static const struct header_ops ipvlan_header_ops = {
> -       .create         = ipvlan_hard_header,
> +       .create         = ipvlan_hard_header,
spurious???
>         .parse          = eth_header_parse,
>         .cache          = eth_header_cache,
>         .cache_update   = eth_header_cache_update,
> @@ -494,8 +494,8 @@ static int ipvlan_nl_fillinfo(struct sk_buff *skb,
>         return ret;
>  }
>
> -static int ipvlan_link_new(struct net *src_net, struct net_device *dev,
> -                          struct nlattr *tb[], struct nlattr *data[])
> +int ipvlan_link_new(struct net *src_net, struct net_device *dev,
> +                   struct nlattr *tb[], struct nlattr *data[])
>  {
>         struct ipvl_dev *ipvlan = netdev_priv(dev);
>         struct ipvl_port *port;
> @@ -567,8 +567,9 @@ static int ipvlan_link_new(struct net *src_net, struct net_device *dev,
>                 ipvlan_port_destroy(phy_dev);
>         return err;
>  }
> +EXPORT_SYMBOL_GPL(ipvlan_link_new);
>
> -static void ipvlan_link_delete(struct net_device *dev, struct list_head *head)
> +void ipvlan_link_delete(struct net_device *dev, struct list_head *head)
>  {
>         struct ipvl_dev *ipvlan = netdev_priv(dev);
>         struct ipvl_addr *addr, *next;
> @@ -583,8 +584,9 @@ static void ipvlan_link_delete(struct net_device *dev, struct list_head *head)
>         unregister_netdevice_queue(dev, head);
>         netdev_upper_dev_unlink(ipvlan->phy_dev, dev);
>  }
> +EXPORT_SYMBOL_GPL(ipvlan_link_delete);
>
> -static void ipvlan_link_setup(struct net_device *dev)
> +void ipvlan_link_setup(struct net_device *dev)
>  {
>         ether_setup(dev);
>
> @@ -595,6 +597,7 @@ static void ipvlan_link_setup(struct net_device *dev)
>         dev->header_ops = &ipvlan_header_ops;
>         dev->ethtool_ops = &ipvlan_ethtool_ops;
>  }
> +EXPORT_SYMBOL_GPL(ipvlan_link_setup);
>
>  static const struct nla_policy ipvlan_nl_policy[IFLA_IPVLAN_MAX + 1] =
>  {
> @@ -605,22 +608,22 @@ static struct rtnl_link_ops ipvlan_link_ops = {
>         .kind           = "ipvlan",
>         .priv_size      = sizeof(struct ipvl_dev),
>
> -       .get_size       = ipvlan_nl_getsize,
> -       .policy         = ipvlan_nl_policy,
> -       .validate       = ipvlan_nl_validate,
> -       .fill_info      = ipvlan_nl_fillinfo,
> -       .changelink     = ipvlan_nl_changelink,
> -       .maxtype        = IFLA_IPVLAN_MAX,
> -
>         .setup          = ipvlan_link_setup,
>         .newlink        = ipvlan_link_new,
>         .dellink        = ipvlan_link_delete,
>  };
>
> -static int ipvlan_link_register(struct rtnl_link_ops *ops)
> +int ipvlan_link_register(struct rtnl_link_ops *ops)
>  {
> +       ops->get_size   = ipvlan_nl_getsize;
> +       ops->policy     = ipvlan_nl_policy;
> +       ops->validate   = ipvlan_nl_validate;
> +       ops->fill_info  = ipvlan_nl_fillinfo;
> +       ops->changelink = ipvlan_nl_changelink;
> +       ops->maxtype    = IFLA_IPVLAN_MAX;
>         return rtnl_link_register(ops);
>  }
> +EXPORT_SYMBOL_GPL(ipvlan_link_register);
>
>  static int ipvlan_device_event(struct notifier_block *unused,
>                                unsigned long event, void *ptr)
> diff --git a/drivers/net/ipvlan/ipvtap.c b/drivers/net/ipvlan/ipvtap.c
> new file mode 100644
> index 0000000..0422cdf
> --- /dev/null
> +++ b/drivers/net/ipvlan/ipvtap.c
> @@ -0,0 +1,238 @@
> +#include <linux/etherdevice.h>
> +#include "ipvlan.h"
> +#include <linux/if_vlan.h>
> +#include <linux/if_tap.h>
> +#include <linux/interrupt.h>
> +#include <linux/nsproxy.h>
> +#include <linux/compat.h>
> +#include <linux/if_tun.h>
> +#include <linux/module.h>
> +#include <linux/skbuff.h>
> +#include <linux/cache.h>
> +#include <linux/sched.h>
> +#include <linux/types.h>
> +#include <linux/slab.h>
> +#include <linux/wait.h>
> +#include <linux/cdev.h>
> +#include <linux/idr.h>
> +#include <linux/fs.h>
> +#include <linux/uio.h>
> +
> +#include <net/net_namespace.h>
> +#include <net/rtnetlink.h>
> +#include <net/sock.h>
> +#include <linux/virtio_net.h>
> +
> +#define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \
> +                     NETIF_F_TSO6 | NETIF_F_UFO)
> +
> +static dev_t ipvtap_major;
> +static struct cdev ipvtap_cdev;
> +
> +static const void *ipvtap_net_namespace(struct device *d)
> +{
> +       struct net_device *dev = to_net_dev(d->parent);
> +       return dev_net(dev);
> +}
> +
> +static struct class ipvtap_class = {
> +        .name = "ipvtap",
> +        .owner = THIS_MODULE,
> +        .ns_type = &net_ns_type_operations,
> +        .namespace = ipvtap_net_namespace,
> +};
> +
> +struct ipvtap_dev {
> +       struct ipvl_dev vlan;
> +       struct tap_dev    tap;
> +};
> +
> +static void ipvtap_count_tx_dropped(struct tap_dev *tap)
> +{
> +       struct ipvl_dev *vlan = (struct ipvl_dev *)container_of(tap, struct ipvtap_dev, tap);
> +
> +       this_cpu_inc(vlan->pcpu_stats->tx_drps);
> +}
> +
> +static void ipvtap_count_rx_dropped(struct tap_dev *tap)
> +{
> +       struct ipvl_dev *vlan = (struct ipvl_dev *)container_of(tap, struct ipvtap_dev, tap);
> +
> +       ipvlan_count_rx(vlan, 0, 0, 0);
> +}
> +
> +static void ipvtap_update_features(struct tap_dev *tap,
> +                                  netdev_features_t features)
> +{
> +       struct ipvl_dev *vlan = (struct ipvl_dev *)container_of(tap, struct ipvtap_dev, tap);
> +
> +       vlan->sfeatures = features;
> +       netdev_update_features(vlan->dev);
> +}
> +
> +static int ipvtap_newlink(struct net *src_net,
> +                         struct net_device *dev,
> +                         struct nlattr *tb[],
> +                         struct nlattr *data[])
> +{
> +       struct ipvtap_dev *vlantap = netdev_priv(dev);
> +       int err;
> +
> +       INIT_LIST_HEAD(&vlantap->tap.queue_list);
> +
> +       /* Since macvlan supports all offloads by default, make
> +        * tap support all offloads also.
> +        */
> +       vlantap->tap.tap_features = TUN_OFFLOADS;
> +       vlantap->tap.count_tx_dropped = ipvtap_count_tx_dropped;
> +       vlantap->tap.update_features =  ipvtap_update_features;
> +       vlantap->tap.count_rx_dropped = ipvtap_count_rx_dropped;
> +
> +       err = netdev_rx_handler_register(dev, tap_handle_frame, &vlantap->tap);
> +       if (err)
> +               return err;
> +
> +       /* Don't put anything that may fail after macvlan_common_newlink
> +        * because we can't undo what it does.
> +        */
> +       err =  ipvlan_link_new(src_net, dev, tb, data);
> +       if (err) {
> +               netdev_rx_handler_unregister(dev);
> +               return err;
> +       }
> +
> +       vlantap->tap.dev = vlantap->vlan.dev;
> +
> +       return err;
> +}
> +
> +static void ipvtap_dellink(struct net_device *dev,
> +                          struct list_head *head)
> +{
> +       struct ipvtap_dev *vlan = netdev_priv(dev);
> +
> +       netdev_rx_handler_unregister(dev);
> +       tap_del_queues(&vlan->tap);
> +       ipvlan_link_delete(dev, head);
> +}
> +
> +static void ipvtap_setup(struct net_device *dev)
> +{
> +       ipvlan_link_setup(dev);
> +       dev->tx_queue_len = TUN_READQ_SIZE;
> +       dev->priv_flags &= ~IFF_NO_QUEUE;
> +}
> +
> +static struct rtnl_link_ops ipvtap_link_ops __read_mostly = {
> +       .kind           = "ipvtap",
> +       .setup          = ipvtap_setup,
> +       .newlink        = ipvtap_newlink,
> +       .dellink        = ipvtap_dellink,
> +       .priv_size      = sizeof(struct ipvtap_dev),
> +};
> +
> +static int ipvtap_device_event(struct notifier_block *unused,
> +                              unsigned long event, void *ptr)
> +{
> +       struct net_device *dev = netdev_notifier_info_to_dev(ptr);
> +       struct ipvtap_dev *vlantap;
> +       struct device *classdev;
> +       dev_t devt;
> +       int err;
> +       char tap_name[IFNAMSIZ];
> +
> +       if (dev->rtnl_link_ops != &ipvtap_link_ops)
> +               return NOTIFY_DONE;
> +
> +       snprintf(tap_name, IFNAMSIZ, "tap%d", dev->ifindex);
> +       vlantap = netdev_priv(dev);
> +
> +       switch (event) {
> +       case NETDEV_REGISTER:
> +               /* Create the device node here after the network device has
> +                * been registered but before register_netdevice has
> +                * finished running.
> +                */
> +               err = tap_get_minor(ipvtap_major, &vlantap->tap);
> +               if (err)
> +                       return notifier_from_errno(err);
> +
> +               devt = MKDEV(MAJOR(ipvtap_major), vlantap->tap.minor);
> +               classdev = device_create(&ipvtap_class, &dev->dev, devt,
> +                                        dev, tap_name);
> +               if (IS_ERR(classdev)) {
> +                       tap_free_minor(ipvtap_major, &vlantap->tap);
> +                       return notifier_from_errno(PTR_ERR(classdev));
> +               }
> +               err = sysfs_create_link(&dev->dev.kobj, &classdev->kobj,
> +                                       tap_name);
> +               if (err)
> +                       return notifier_from_errno(err);
> +               break;
> +       case NETDEV_UNREGISTER:
> +               /* vlan->minor == 0 if NETDEV_REGISTER above failed */
> +               if (vlantap->tap.minor == 0)
> +                       break;
> +               sysfs_remove_link(&dev->dev.kobj, tap_name);
> +               devt = MKDEV(MAJOR(ipvtap_major), vlantap->tap.minor);
> +               device_destroy(&ipvtap_class, devt);
> +               tap_free_minor(ipvtap_major, &vlantap->tap);
> +               break;
> +       case NETDEV_CHANGE_TX_QUEUE_LEN:
> +               if (tap_queue_resize(&vlantap->tap))
> +                       return NOTIFY_BAD;
> +               break;
> +       }
> +
> +       return NOTIFY_DONE;
> +}
> +
> +static struct notifier_block ipvtap_notifier_block __read_mostly = {
> +       .notifier_call  = ipvtap_device_event,
> +};
> +
> +static int ipvtap_init(void)
> +{
> +       int err;
> +
> +       err = tap_create_cdev(&ipvtap_cdev, &ipvtap_major, "ipvtap");
> +
> +       if (err)
> +               goto out1;
> +
> +       err = class_register(&ipvtap_class);
> +       if (err)
> +               goto out2;
> +
> +       err = register_netdevice_notifier(&ipvtap_notifier_block);
> +       if (err)
> +               goto out3;
> +
> +       err = ipvlan_link_register(&ipvtap_link_ops);
> +       if (err)
> +               goto out4;
> +
> +       return 0;
> +
> +out4:
> +       unregister_netdevice_notifier(&ipvtap_notifier_block);
> +out3:
> +       class_unregister(&ipvtap_class);
> +out2:
> +       cdev_del(&ipvtap_cdev);
> +out1:
> +       return err;
> +}
> +module_init(ipvtap_init);
> +
> +static void ipvtap_exit(void)
> +{
> +       rtnl_link_unregister(&ipvtap_link_ops);
> +       unregister_netdevice_notifier(&ipvtap_notifier_block);
> +       class_unregister(&ipvtap_class);
> +       tap_destroy_cdev(ipvtap_major, &ipvtap_cdev);
> +}
> +module_exit(ipvtap_exit);
> +MODULE_ALIAS_RTNL_LINK("ipvtap");
> +MODULE_AUTHOR("Arnd Bergmann <arnd@...db.de>");
> +MODULE_LICENSE("GPL");
> --
> 2.7.4
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ