Message-ID: <cover.1547679599.git.petrm@mellanox.com>
Date:   Wed, 16 Jan 2019 23:06:28 +0000
From:   Petr Machata <petrm@...lanox.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "ivecera@...hat.com" <ivecera@...hat.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Ido Schimmel <idosch@...lanox.com>,
        "davem@...emloft.net" <davem@...emloft.net>
Subject: [PATCH net-next 00/13] vxlan: Allow vetoing FDB operations

mlxsw does not implement handling of the more advanced types of VXLAN
FDB entries. In order to provide visibility to users, it is important to
be able to reject such FDB entries, ideally with an explanation passed
in extended ack. This patch set implements this.

In patches #1-#4, vxlan is gradually transformed to support vetoing of
FDB entries added (or modified) through vxlan_fdb_update(), and the
default FDB entry added in __vxlan_dev_create().

Patches #5-#7 deal with vxlan_changelink(). The existing code recognizes
that vxlan_fdb_update() may fail, but doesn't attempt to keep things
intact if it does. These patches change the function in several steps to
gracefully handle vetoes (or other failures).

Then in patches #8-#11, extack arguments are added, respectively, to
ndo_fdb_add(), mlxsw's mlxsw_sp_nve_ops.fdb_replay, the functions that
connect to the VXLAN vetoing code, and call_switchdev_notifiers(). Note
that call_switchdev_blocking_notifiers() already does support extack.

Finally in patch #12, mlxsw is extended to add extack messages to
rejected FDB entries. In patch #13, the functionality is tested.

Petr Machata (13):
  vxlan: Move up vxlan_fdb_free(), vxlan_fdb_destroy()
  vxlan: Split vxlan_fdb_update() in two
  vxlan: Have vxlan_fdb_replace() save original rdst value
  vxlan: Allow vetoing of FDB notifications
  vxlan: changelink: Inline vxlan_dev_configure()
  vxlan: changelink: Postpone vxlan_config_apply()
  vxlan: changelink: Delete remote after update
  net: Add extack argument to ndo_fdb_add()
  mlxsw: Add extack to mlxsw_sp_nve_ops.fdb_replay
  vxlan: Add extack to switchdev operations
  switchdev: Add extack argument to call_switchdev_notifiers()
  mlxsw: spectrum: Add extack messages to VXLAN FDB rejection
  selftests: mlxsw: Test veto of unsupported VXLAN FDBs

 Documentation/networking/switchdev.txt             |   2 +-
 drivers/net/ethernet/intel/i40e/i40e_main.c        |   3 +-
 drivers/net/ethernet/intel/ice/ice_main.c          |   3 +-
 drivers/net/ethernet/intel/igb/igb_main.c          |   3 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c      |   3 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.c |   6 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.h |   3 +-
 .../ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c   |   6 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |   6 +-
 .../ethernet/mellanox/mlxsw/spectrum_switchdev.c   |  37 ++-
 drivers/net/ethernet/mscc/ocelot.c                 |   3 +-
 drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c   |   3 +-
 drivers/net/ethernet/rocker/rocker_main.c          |   2 +-
 drivers/net/ethernet/rocker/rocker_ofdpa.c         |   4 +-
 drivers/net/macvlan.c                              |   3 +-
 drivers/net/vxlan.c                                | 352 +++++++++++++--------
 include/linux/netdevice.h                          |   6 +-
 include/net/switchdev.h                            |   6 +-
 include/net/vxlan.h                                |   6 +-
 net/bridge/br_fdb.c                                |   3 +-
 net/bridge/br_private.h                            |   3 +-
 net/bridge/br_switchdev.c                          |   2 +-
 net/core/rtnetlink.c                               |   5 +-
 net/dsa/dsa_priv.h                                 |   3 +-
 net/dsa/slave.c                                    |   5 +-
 net/switchdev/switchdev.c                          |   5 +-
 .../selftests/drivers/net/mlxsw/vxlan_fdb_veto.sh  | 126 ++++++++
 27 files changed, 421 insertions(+), 188 deletions(-)
 create mode 100755 tools/testing/selftests/drivers/net/mlxsw/vxlan_fdb_veto.sh

-- 
2.4.11
