| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOrHB_CMGGMzrSUrfRxbTcmJhH+MtzpUHQDz8DaJB=cOAto4kg@mail.gmail.com>
Date: Thu, 25 Jan 2018 09:32:14 -0800
From: Pravin Shelar <pshelar@....org>
To: William Tu <u9012063@...il.com>
Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCHv5 net-next 2/2] openvswitch: add erspan version I and II support
On Wed, Jan 24, 2018 at 11:06 AM, William Tu <u9012063@...il.com> wrote:
> The patch adds support for openvswitch to configure erspan
> v1 and v2. The OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS attr is added
> to uapi as a binary blob to support all ERSPAN v1 and v2's
> fields. Note that Previous commit "openvswitch: Add erspan tunnel
> support." was reverted since it does not design properly.
>
> Signed-off-by: William Tu <u9012063@...il.com>
> ---
> include/uapi/linux/openvswitch.h | 2 +-
> net/openvswitch/flow_netlink.c | 90 +++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 90 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
> index dcfab5e3b55c..158c2e45c0a5 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -273,7 +273,6 @@ enum {
>
> #define OVS_VXLAN_EXT_MAX (__OVS_VXLAN_EXT_MAX - 1)
>
> -
> /* OVS_VPORT_ATTR_OPTIONS attributes for tunnels.
> */
> enum {
> @@ -363,6 +362,7 @@ enum ovs_tunnel_key_attr {
> OVS_TUNNEL_KEY_ATTR_IPV6_SRC, /* struct in6_addr src IPv6 address. */
> OVS_TUNNEL_KEY_ATTR_IPV6_DST, /* struct in6_addr dst IPv6 address. */
> OVS_TUNNEL_KEY_ATTR_PAD,
> + OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS, /* struct erspan_metadata */
> __OVS_TUNNEL_KEY_ATTR_MAX
> };
>
Since this is uapi, we need to define the struct erspan_metadata in a
UAPI header file.
Also lets move field 'version' to the begining of the struct for easy
expansion later.
struct erspan_metadata {
int version;
union {
__be32 index; /* Version 1 (type II)*/
struct erspan_md2 md2; /* Version 2 (type III) */
} u;
};
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index f143908b651d..9d00c24b2836 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -49,6 +49,7 @@
> #include <net/mpls.h>
> #include <net/vxlan.h>
> #include <net/tun_proto.h>
> +#include <net/erspan.h>
>
> #include "flow_netlink.h"
>
> @@ -329,7 +330,8 @@ size_t ovs_tun_key_attr_size(void)
> + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_CSUM */
> + nla_total_size(0) /* OVS_TUNNEL_KEY_ATTR_OAM */
> + nla_total_size(256) /* OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS */
> - /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS is mutually exclusive with
> + /* OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS and
> + * OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS is mutually exclusive with
> * OVS_TUNNEL_KEY_ATTR_GENEVE_OPTS and covered by it.
> */
> + nla_total_size(2) /* OVS_TUNNEL_KEY_ATTR_TP_SRC */
> @@ -400,6 +402,7 @@ static const struct ovs_len_tbl ovs_tunnel_key_lens[OVS_TUNNEL_KEY_ATTR_MAX + 1]
> .next = ovs_vxlan_ext_key_lens },
> [OVS_TUNNEL_KEY_ATTR_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
> [OVS_TUNNEL_KEY_ATTR_IPV6_DST] = { .len = sizeof(struct in6_addr) },
> + [OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS] = { .len = OVS_ATTR_VARIABLE },
> };
>
> static const struct ovs_len_tbl
> @@ -631,6 +634,33 @@ static int vxlan_tun_opt_from_nlattr(const struct nlattr *attr,
> return 0;
> }
>
> +static int erspan_tun_opt_from_nlattr(const struct nlattr *a,
> + struct sw_flow_match *match, bool is_mask,
> + bool log)
> +{
> + unsigned long opt_key_offset;
> +
> + BUILD_BUG_ON(sizeof(struct erspan_metadata) >
> + sizeof(match->key->tun_opts));
> +
> + if (nla_len(a) > sizeof(match->key->tun_opts)) {
> + OVS_NLERR(log, "ERSPAN option length err (len %d, max %zu).",
> + nla_len(a), sizeof(match->key->tun_opts));
> + return -EINVAL;
> + }
> +
> + if (!is_mask)
> + SW_FLOW_KEY_PUT(match, tun_opts_len,
> + sizeof(struct erspan_metadata), false);
> + else
> + SW_FLOW_KEY_PUT(match, tun_opts_len, 0xff, true);
> +
> + opt_key_offset = TUN_METADATA_OFFSET(nla_len(a));
> + SW_FLOW_KEY_MEMCPY_OFFSET(match, opt_key_offset, nla_data(a),
> + nla_len(a), is_mask);
> + return 0;
> +}
> +
...
> @@ -2461,6 +2509,41 @@ static int validate_geneve_opts(struct sw_flow_key *key)
> return 0;
> }
>
> +static int validate_erspan_opts(struct sw_flow_key *key, bool log)
> +{
I do not see any need to validate ERSPAN key values, except the total
len, which should be less than 255.
> +
> static int validate_and_copy_set_tun(const struct nlattr *attr,
> struct sw_flow_actions **sfa, bool log)
> {
> @@ -2486,6 +2569,11 @@ static int validate_and_copy_set_tun(const struct nlattr *attr,
> break;
> case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
> break;
> + case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
> + err = validate_erspan_opts(&key, log);
> + if (err < 0)
> + return err;
> + break;
> }
> };
>
> --
> 2.7.4
>
Powered by blists - more mailing lists