| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Jul 2018 11:39:50 +0300
From: Ido Schimmel <idosch@...lanox.com>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, jiri@...lanox.com, petrm@...lanox.com,
mlxsw@...lanox.com, Ido Schimmel <idosch@...lanox.com>
Subject: [PATCH net-next 0/4] mlxsw: Add VRRP support
When a router that is acting as the default gateway of a host stops
functioning, the host will encounter packet loss until the router starts
functioning again.
To increase the reliability of the default gateway without performing
reconfiguration on the host, a host can use a Virtual Router Redundancy
Protocol (VRRP) Router. This virtual router is composed from several
routers where only one is actually forwarding packets from the host (the
master router) while the other routers act as backup routers. The
election of the master router is determined by the VRRP protocol [1].
Packets addressed to the virtual router are always sent to the virtual
router MAC address (IPv4: 00-00-5E-00-01-XX, IPv6: 00-00-5E-00-02-XX).
Such packets can only be accepted by the master router and must be
discarded by the backup routers.
In Linux, VRRP is usually implemented by configuring a macvlan with the
virtual router MAC on top of the router interface that is connected to
the host / LAN. The macvlan on the master router is assigned the virtual
IP (VIP) that the host uses as its gateway.
In order to support VRRP in mlxsw, we first need to enable macvlan upper
devices on top of mlxsw netdevs and their uppers. This is done by the
first patch, which also takes care of sanitizing macvlan configurations
that are not currently supported by the driver.
The second patch directs packets with destination MAC addresses as the
macvlans to the router so that they will undergo an L3 lookup. This is
consistent with the kernel's behavior where the macvlan's Rx handler
will re-inject such packets to the Rx path so that they will be picked
up by the IPvX protocol handlers and undergo an L3 lookup. Note that the
driver prevents the macvlans from being enslaved to other devices, to
ensure the packets will be picked up by the protocol handler and not by
another Rx handler.
The third patch adds packet traps for VRRP control packets for both IPv4
and IPv6. Finally, the last patch optimizes the reception of VRRP MACs
by potentially skipping one L2 lookup for them.
Ido Schimmel (4):
mlxsw: spectrum: Enable macvlan upper devices
mlxsw: spectrum_router: Direct macvlans' MACs to router
mlxsw: spectrum: Add VRRP traps
mlxsw: spectrum_router: Optimize processing of VRRP MACs
drivers/net/ethernet/mellanox/mlxsw/reg.h | 14 ++
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 88 +++++++++-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 +
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 190 ++++++++++++++++++++-
drivers/net/ethernet/mellanox/mlxsw/trap.h | 2 +
5 files changed, 292 insertions(+), 4 deletions(-)
--
2.14.4
Powered by blists - more mailing lists