Message-ID: <277df688-0a71-bd3f-eb67-c706113bebd2@gmail.com>
Date:   Mon, 4 Dec 2017 09:26:42 -0800
From:   Gregory Rose <gvrose8192@...il.com>
To:     William Tu <u9012063@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 net-next] gre6: add collect metadata support

On 12/1/2017 3:03 PM, William Tu wrote:
> The patch adds 'external' option to support collect metadata
> gre6 tunnel. Example of L3 and L2 gre device:
> bash:~# ip link add dev ip6gre123 type ip6gre external
> bash:~# ip link add dev ip6gretap123 type ip6gretap external

Hi William,

One question: is there ever actually going to be a situation in which
an IPv6 GRE tunnel will go from external to not external? I'm wondering
whether the "no external" option is really needed, since the default is
no and I'm not sure under what circumstances a tunnel would go from
external to not external.

Thanks,

- Greg

>
> Signed-off-by: William Tu <u9012063@...il.com>
> ---
>   ip/link_gre6.c        | 55 ++++++++++++++++++++++++++++++++-------------------
>   man/man8/ip-link.8.in |  6 ++++++
>   2 files changed, 41 insertions(+), 20 deletions(-)
>
> diff --git a/ip/link_gre6.c b/ip/link_gre6.c
> index 0a82eaecf2cd..2cb46ca116d0 100644
> --- a/ip/link_gre6.c
> +++ b/ip/link_gre6.c
> @@ -105,6 +105,7 @@ static int gre_parse_opt(struct link_util *lu, int argc, char **argv,
>   	__u16 encapflags = TUNNEL_ENCAP_FLAG_CSUM6;
>   	__u16 encapsport = 0;
>   	__u16 encapdport = 0;
> +	__u8 metadata = 0;
>   	int len;
>   	__u32 fwmark = 0;
>   	__u32 erspan_idx = 0;
> @@ -178,6 +179,9 @@ get_failed:
>   		if (greinfo[IFLA_GRE_ENCAP_SPORT])
>   			encapsport = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_SPORT]);
>   
> +		if (greinfo[IFLA_GRE_COLLECT_METADATA])
> +			metadata = 1;
> +
>   		if (greinfo[IFLA_GRE_ENCAP_DPORT])
>   			encapdport = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_DPORT]);
>   
> @@ -355,6 +359,8 @@ get_failed:
>   			encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
>   		} else if (strcmp(*argv, "noencap-remcsum") == 0) {
>   			encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM;
> +		} else if (strcmp(*argv, "external") == 0) {
> +			metadata = 1;
>   		} else if (strcmp(*argv, "fwmark") == 0) {
>   			NEXT_ARG();
>   			if (strcmp(*argv, "inherit") == 0) {
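Review bot: Only `external` is matched in this branch, while the man page hunk of the same patch documents `[no]external`, so `noexternal` is not handled by any branch visible here. The earlier hunk sets `metadata = 1` whenever the existing link reports `IFLA_GRE_COLLECT_METADATA`, so on a change request the flag appears to have no way of being cleared from the command line. Code and documentation should agree: either drop `[no]` from the synopsis, or add `} else if (strcmp(*argv, "noexternal") == 0) { metadata = 0;` next to this branch. The option loop starts and ends outside the hunk.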
> @@ -388,26 +394,30 @@ get_failed:
>   		argc--; argv++;
>   	}
>   
> -	addattr32(n, 1024, IFLA_GRE_IKEY, ikey);
> -	addattr32(n, 1024, IFLA_GRE_OKEY, okey);
> -	addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
> -	addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
> -	addattr_l(n, 1024, IFLA_GRE_LOCAL, &laddr, sizeof(laddr));
> -	addattr_l(n, 1024, IFLA_GRE_REMOTE, &raddr, sizeof(raddr));
> -	if (link)
> -		addattr32(n, 1024, IFLA_GRE_LINK, link);
> -	addattr_l(n, 1024, IFLA_GRE_TTL, &hop_limit, 1);
> -	addattr_l(n, 1024, IFLA_GRE_ENCAP_LIMIT, &encap_limit, 1);
> -	addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4);
> -	addattr32(n, 1024, IFLA_GRE_FLAGS, flags);
> -	addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
> -	if (erspan_idx != 0)
> -		addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
> -
> -	addattr16(n, 1024, IFLA_GRE_ENCAP_TYPE, encaptype);
> -	addattr16(n, 1024, IFLA_GRE_ENCAP_FLAGS, encapflags);
> -	addattr16(n, 1024, IFLA_GRE_ENCAP_SPORT, htons(encapsport));
> -	addattr16(n, 1024, IFLA_GRE_ENCAP_DPORT, htons(encapdport));
> +	if (!metadata) {
> +		addattr32(n, 1024, IFLA_GRE_IKEY, ikey);
> +		addattr32(n, 1024, IFLA_GRE_OKEY, okey);
> +		addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
> +		addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
> +		addattr_l(n, 1024, IFLA_GRE_LOCAL, &laddr, sizeof(laddr));
> +		addattr_l(n, 1024, IFLA_GRE_REMOTE, &raddr, sizeof(raddr));
> +		if (link)
> +			addattr32(n, 1024, IFLA_GRE_LINK, link);
> +		addattr_l(n, 1024, IFLA_GRE_TTL, &hop_limit, 1);
> +		addattr_l(n, 1024, IFLA_GRE_ENCAP_LIMIT, &encap_limit, 1);
> +		addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4);
> +		addattr32(n, 1024, IFLA_GRE_FLAGS, flags);
> +		addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
> +		if (erspan_idx != 0)
> +			addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
> +
> +		addattr16(n, 1024, IFLA_GRE_ENCAP_TYPE, encaptype);
> +		addattr16(n, 1024, IFLA_GRE_ENCAP_FLAGS, encapflags);
> +		addattr16(n, 1024, IFLA_GRE_ENCAP_SPORT, htons(encapsport));
> +		addattr16(n, 1024, IFLA_GRE_ENCAP_DPORT, htons(encapdport));
> +	} else {
> +		addattr_l(n, 1024, IFLA_GRE_COLLECT_METADATA, NULL, 0);
> +	}
>   
>   	return 0;
>   }
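Review bot: With `metadata` set, the `else` branch sends only `IFLA_GRE_COLLECT_METADATA`, so every other value parsed earlier (keys, local/remote, ttl, fwmark, encap type and ports) is dropped without any diagnostic. An operator who combines `external` with, say, a key or encap settings gets a device that differs from what was typed and no hint why. Consider rejecting or warning on such combinations, and at minimum put a comment above the branch such as `/* collect-metadata mode: only the flag is sent, statically parsed tunnel parameters are ignored */`. As a style point, an early `if (metadata) { addattr_l(n, 1024, IFLA_GRE_COLLECT_METADATA, NULL, 0); return 0; }` would avoid re-indenting the twenty unchanged addattr lines. gre_parse_opt begins outside the hunk.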
> @@ -426,6 +436,11 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
>   	if (!tb)
>   		return;
>   
> +	if (tb[IFLA_GRE_COLLECT_METADATA]) {
> +		print_bool(PRINT_ANY, "collect_metadata", "external", true);
> +		return;
> +	}
> +
>   	if (tb[IFLA_GRE_FLAGS])
>   		flags = rta_getattr_u32(tb[IFLA_GRE_FLAGS]);
>   
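Review bot: The early `return` after printing `external` skips every later attribute in `tb[]`, so anything else the kernel reports for a collect-metadata device is never shown. A one-line comment such as `/* externally controlled: remaining static parameters are not printed */` would make that intent explicit. The text format `"external"` also has no trailing separator, so if anything is printed after this function on the same line the words would run together; `"external "` may be what is wanted, which is worth checking against the caller. gre_print_opt continues past the end of the hunk.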
> diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
> index a6a10e577b1f..c9b9bb7b2a4e 100644
> --- a/man/man8/ip-link.8.in
> +++ b/man/man8/ip-link.8.in
> @@ -755,6 +755,8 @@ the following additional arguments are supported:
>   .BI "dscp inherit"
>   ] [
>   .BI dev " PHYS_DEV "
> +] [
> +.RB [ no ] external
>   ]
>   
>   .in +8
> @@ -833,6 +835,10 @@ or
>   .IR 00 ".." ff
>   when tunneling non-IP packets. The default value is 00.
>   
> +.sp
> +.RB [ no ] external
> +- make this tunnel externally controlled (or not, which is the default).
> +
>   .in -8
>   
>   .TP
