| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1547679599.git.petrm@mellanox.com>
Date: Wed, 16 Jan 2019 23:06:28 +0000
From: Petr Machata <petrm@...lanox.com>
To: "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: "ivecera@...hat.com" <ivecera@...hat.com>,
Jiri Pirko <jiri@...lanox.com>,
Ido Schimmel <idosch@...lanox.com>,
"davem@...emloft.net" <davem@...emloft.net>
Subject: [PATCH net-next 00/13] vxlan: Allow vetoing FDB operations
mlxsw does not implement handling of the more advanced types of VXLAN
FDB entries. In order to provide visibility to users, it is important to
be able to reject such FDB entries, ideally with an explanation passed
in extended ack. This patch set implements this.
In patches #1-#4, vxlan is gradually transformed to support vetoing of
FDB entries added (or modified) through vxlan_fdb_update(), and the
default FDB entry added in __vxlan_dev_create().
Patches #5-#7 deal with vxlan_changelink(). The existing code recognizes
that vxlan_fdb_update() may fail, but doesn't attempt to keep things
intact if it does. These patches change the function in several steps to
gracefully handle vetoes (or other failures).
Then in patches #8-#11, extack arguments are added, respectively, to
ndo_fdb_add(), mlxsw's mlxsw_sp_nve_ops.fdb_replay, the functions that
connect to the VXLAN vetoing code, and call_switchdev_notifiers(). Note
that call_switchdev_blocking_notifiers() already does support extack.
Finally in patch #12, mlxsw is extended to add extack messages to
rejected FDB entries. In patch #13, the functionality is tested.
Petr Machata (13):
vxlan: Move up vxlan_fdb_free(), vxlan_fdb_destroy()
vxlan: Split vxlan_fdb_update() in two
vxlan: Have vxlan_fdb_replace() save original rdst value
vxlan: Allow vetoing of FDB notifications
vxlan: changelink: Inline vxlan_dev_configure()
vxlan: changelink: Postpone vxlan_config_apply()
vxlan: changelink: Delete remote after update
net: Add extack argument to ndo_fdb_add()
mlxsw: Add extack to mlxsw_sp_nve_ops.fdb_replay
vxlan: Add extack to switchdev operations
switchdev: Add extack argument to call_switchdev_notifiers()
mlxsw: spectrum: Add extack messages to VXLAN FDB rejection
selftests: mlxsw: Test veto of unsupported VXLAN FDBs
Documentation/networking/switchdev.txt | 2 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +-
drivers/net/ethernet/intel/ice/ice_main.c | 3 +-
drivers/net/ethernet/intel/igb/igb_main.c | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.c | 6 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.h | 3 +-
.../ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c | 6 +-
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 6 +-
.../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 37 ++-
drivers/net/ethernet/mscc/ocelot.c | 3 +-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 3 +-
drivers/net/ethernet/rocker/rocker_main.c | 2 +-
drivers/net/ethernet/rocker/rocker_ofdpa.c | 4 +-
drivers/net/macvlan.c | 3 +-
drivers/net/vxlan.c | 352 +++++++++++++--------
include/linux/netdevice.h | 6 +-
include/net/switchdev.h | 6 +-
include/net/vxlan.h | 6 +-
net/bridge/br_fdb.c | 3 +-
net/bridge/br_private.h | 3 +-
net/bridge/br_switchdev.c | 2 +-
net/core/rtnetlink.c | 5 +-
net/dsa/dsa_priv.h | 3 +-
net/dsa/slave.c | 5 +-
net/switchdev/switchdev.c | 5 +-
.../selftests/drivers/net/mlxsw/vxlan_fdb_veto.sh | 126 ++++++++
27 files changed, 421 insertions(+), 188 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/mlxsw/vxlan_fdb_veto.sh
--
2.4.11
Powered by blists - more mailing lists