Date:   Wed, 21 Feb 2018 12:18:37 +0100
From:   Petr Machata <petrm@...lanox.com>
To:     <netdev@...r.kernel.org>
Subject: [PATCH iproute2-next v3] ip: link_gre6.c: Support
 IP6_TNL_F_ALLOW_LOCAL_REMOTE flag

For IP-in-IP tunnels, one can specify the [no]allow-localremote command
when configuring a device. Under the hood, this flips the
IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on the netdevice. However, ip6gretap
and ip6erspan devices, where the flag is also relevant, are not IP-in-IP
tunnels, and thus there's no way to configure the flag on these
netdevices. Therefore introduce the command to link_gre6 as well.

The original support was introduced in commit 21440d19d957
("ip: link_ip6tnl.c/ip6tunnel.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag")

Signed-off-by: Petr Machata <petrm@...lanox.com>
---

Notes:
    Changes from v1 to v2:
    
    - Rebase to iproute2-next
    
    Changes from v2 to v3:
    
    - Reformat the commit reference to resolve checkpatch error. There's
      still one warning about line length on the commit reference line,
      but that line can't be shortened without checkpatch complaining
      about commit reference formatting again.

 ip/link_gre6.c        | 11 +++++++++++
 man/man8/ip-link.8.in | 14 ++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index 6c77038..e0746bc 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -48,6 +48,7 @@ static void gre_print_help(struct link_util *lu, int argc, char **argv, FILE *f)
 		"                     [ dscp inherit ]\n"
 		"                     [ dev PHYS_DEV ]\n"
 		"                     [ fwmark MARK ]\n"
+		"                     [ [no]allow-localremote ]\n"
 		"                     [ external ]\n"
 		"                     [ noencap ]\n"
 		"                     [ encap { fou | gue | none } ]\n"
@@ -346,6 +347,10 @@ get_failed:
 					invarg("invalid fwmark\n", *argv);
 				flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
 			}
+		} else if (strcmp(*argv, "allow-localremote") == 0) {
+			flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE;
+		} else if (strcmp(*argv, "noallow-localremote") == 0) {
+			flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE;
 		} else if (strcmp(*argv, "encaplimit") == 0) {
 			NEXT_ARG();
 			if (strcmp(*argv, "none") == 0) {
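Review bot: the new allow-localremote and noallow-localremote branches only set or clear IP6_TNL_F_ALLOW_LOCAL_REMOTE, so a command line that carries both forms is accepted and the last one silently wins. If that is the intended behaviour, say so in the man page entry; otherwise reject the second occurrence, since this flag loosens what the tunnel accepts as a remote endpoint and a stray trailing keyword should not change it unnoticed.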
@@ -534,6 +539,12 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 	if (oflags & GRE_CSUM)
 		print_bool(PRINT_ANY, "ocsum", "ocsum ", true);
 
+	if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE)
+		print_bool(PRINT_ANY,
+			   "ip6_tnl_f_allow_local_remote",
+			   "allow-localremote ",
+			   true);
+
 	if (flags & IP6_TNL_F_USE_ORIG_FWMARK) {
 		print_bool(PRINT_ANY,
 			   "ip6_tnl_f_use_orig_fwmark",
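Review bot: in gre_print_opt the JSON key ip6_tnl_f_allow_local_remote is emitted only when the flag is set, so a JSON consumer sees no key at all in the noallow case and has to treat absence as false. That mirrors the ip6_tnl_f_use_orig_fwmark block directly below, so it is consistent, but the key name also differs from the allow-localremote keyword used on the command line and in the plain output. Please mention the JSON key in the commit message or man page so scripts that audit tunnel flags know which name to look for.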
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 481589e..5dee9fc 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -793,6 +793,8 @@ the following additional arguments are supported:
 ] [
 .BI "dscp inherit"
 ] [
+.BI "[no]allow-localremote"
+] [
 .BI dev " PHYS_DEV "
 ] [
 .RB external
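Review bot: the added synopsis line `.BI "[no]allow-localremote"` passes one quoted argument, so the square brackets around "no" are set in bold together with the keyword and read as literal characters instead of optional-syntax markers. The neighbouring entries keep the literal keyword and the rest in separate arguments (`.BI dev " PHYS_DEV "`); something like `.RB [ no ] allow-localremote` would leave the brackets in roman and only the keyword parts in bold.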
@@ -857,6 +859,11 @@ flag is equivalent to the combination
 - specifies a fixed flowlabel.
 
 .sp
+.BI  [no]allow-localremote
+- specifies whether to allow remote endpoint to have an address configured on
+local host.
+
+.sp
 .BI  tclass " TCLASS"
 - specifies the traffic class field on
 tunneled packets, which can be specified as either a two-digit
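Review bot: the description added after the flowlabel entry is missing its articles ("allow remote endpoint", "on local host") and can be read as the remote host owning a local address. Suggested wording: "specifies whether the remote endpoint may be an address that is configured on the local host."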
@@ -927,6 +934,8 @@ the following additional arguments are supported:
 ] [
 .BR erspan_hwid " \fIhwid "
 ] [
+.BI "[no]allow-localremote"
+] [
 .RB external
 ]
 
@@ -965,6 +974,11 @@ traffic's source port and direction.
 is a 6-bit value for users to configure.
 
 .sp
+.BI  [no]allow-localremote
+- specifies whether to allow remote endpoint to have an address configured on
+local host.
+
+.sp
 .BR external
 - make this tunnel externally controlled (or not, which is the default).
 In the kernel, this is referred to as collect metadata mode.  This flag is
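Review bot: the allow-localremote entry added here does not say which of the two forms is the default, while the external entry right after it does ("or not, which is the default"). Since the option permits a tunnel whose remote endpoint is an address on the local host, the reader needs to know whether that is opt-in. Please state the default in this entry and in the identical one added in the earlier section.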
-- 
2.4.11
