Date:   Thu,  4 Apr 2019 10:49:49 -0700
From:   David Ahern <dsahern@...nel.org>
To:     davem@...emloft.net, netdev@...r.kernel.org
Cc:     idosch@...lanox.com, jiri@...lanox.com,
        David Ahern <dsahern@...il.com>
Subject: [PATCH net-next 00/18] ipv4: Enable support for IPv6 gateway with IPv4 routes

From: David Ahern <dsahern@...il.com>

Last set of three with the end goal of enabling IPv6 gateways with IPv4
routes.

This set adds fib6_nh_init and release to the IPv6 stubs, and adds neighbor
helpers that IPv4 code invokes to resolve an IPv6 address. When using
an IPv6 neighbor entry the hh_cache is bypassed as it contains the wrong
ethernet header for an IPv4 packet.

The nh_common nhc_has_gw was a temporary field used to convert existing
code from fib{6}_nh to fib_nh_common. That field is now converted to
nhc_gw_family to differentiate the address family of the gateway entry
as opposed to the address family of the container of fib_nh_common.

Existing code for rtable and fib_config is refactored to prepare
for a v6 address and then support is added. From there various
miscellaneous functions are updated to handle a v6 gateway - from
validating the v6 address to lookups in bpf code to verifying the
nexthop state.

Offload drivers - mlxsw and rocker - are modified to detect the v6
gateway and reject the route as 'unsupported'. e.g.,

    $ ip ro add 172.16.101.0/24 via inet6 fe80::202:ff:fe00:b dev swp1s0
    Error: mlxsw_spectrum: IPv6 gateway with IPv4 route is not supported.

This can be removed in time once support is added to each.

With the infrastructure changes in place, patch 17 enables it by adding
support for RTA_VIA to IPv4. RTA_VIA can be used for IPv4 addresses as
well. Only one of RTA_VIA and RTA_GATEWAY can be passed in a request.

Patch 18 adds a few test cases to fib_tests.sh.

David Ahern (18):
  ipv6: Add fib6_nh_init and release to stubs
  ipv6: Add neighbor helpers that use the ipv6 stub
  net: Replace nhc_has_gw with nhc_gw_family
  ipv4: Prepare rtable for IPv6 gateway
  ipv4: Prepare fib_config for IPv6 gateway
  ipv4: Add support to rtable for ipv6 gateway
  ipv4: Add support to fib_config for IPv6 gateway
  ipv4: Refactor fib_check_nh
  ipv4: Add fib_check_nh_v6_gw
  neighbor: Add skip_cache argument to neigh_output
  ipv4: Add helpers for neigh lookup for nexthop
  bpf: Handle ipv6 gateway in bpf_ipv4_fib_lookup
  ipv4: Handle ipv6 gateway in ipv4_confirm_neigh
  ipv4: Handle ipv6 gateway in fib_detect_death
  ipv4: Handle ipv6 gateway in fib_good_nh
  ipv4: Flag fib_info with a fib_nh using IPv6 gateway
  ipv4: Allow ipv6 gateway with ipv4 routes
  selftests: fib_tests: Add tests for ipv6 gateway with ipv4 route

 drivers/infiniband/core/addr.c                     |   2 +-
 drivers/infiniband/hw/nes/nes_cm.c                 |   2 +-
 drivers/net/appletalk/ipddp.c                      |   6 +-
 .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c    |   2 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |  12 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_span.c    |   6 +-
 drivers/net/ethernet/rocker/rocker_main.c          |   9 +
 drivers/net/vrf.c                                  |  12 +-
 include/net/ip6_route.h                            |   2 +-
 include/net/ip_fib.h                               |  16 +-
 include/net/ipv6_stubs.h                           |   6 +
 include/net/ndisc.h                                |  40 ++
 include/net/neighbour.h                            |   5 +-
 include/net/route.h                                |  43 +-
 include/trace/events/fib.h                         |   4 +-
 net/atm/clip.c                                     |   4 +-
 net/core/filter.c                                  |  25 +-
 net/ipv4/fib_frontend.c                            |  68 +++-
 net/ipv4/fib_semantics.c                           | 432 ++++++++++++++-------
 net/ipv4/inet_connection_sock.c                    |   4 +-
 net/ipv4/ip_forward.c                              |   2 +-
 net/ipv4/ip_output.c                               |  13 +-
 net/ipv4/route.c                                   | 112 ++++--
 net/ipv4/xfrm4_policy.c                            |   7 +-
 net/ipv6/addrconf.c                                |   2 +-
 net/ipv6/addrconf_core.c                           |   9 +
 net/ipv6/af_inet6.c                                |   2 +
 net/ipv6/ip6_fib.c                                 |   2 +-
 net/ipv6/ip6_output.c                              |   2 +-
 net/ipv6/route.c                                   |  18 +-
 net/mpls/mpls_iptunnel.c                           |  12 +-
 tools/testing/selftests/net/fib_tests.sh           |  70 +++-
 32 files changed, 695 insertions(+), 256 deletions(-)

-- 
2.11.0
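
Added example, not part of the original post or the patch series: a sketch of how the attribute portion of a route request carries the gateway, with RTA_VIA holding a struct rtvia (address family, then raw address), and a check of the cover letter's rule that only one of RTA_VIA and RTA_GATEWAY may be passed. The helper names and the interface index 3 are assumptions made for illustration; the nlmsghdr and rtmsg headers are left out.

```python
import socket
import struct

# rtattr types from include/uapi/linux/rtnetlink.h
RTA_DST, RTA_OIF, RTA_GATEWAY, RTA_VIA = 1, 4, 5, 18

def rtattr(rta_type, payload):
    """Encode one struct rtattr: u16 len, u16 type, payload, padded to 4 bytes."""
    length = 4 + len(payload)
    return struct.pack("=HH", length, rta_type) + payload + b"\0" * (-length % 4)

def via(family, addr):
    """RTA_VIA payload (struct rtvia): u16 address family, then the raw address."""
    return struct.pack("=H", family) + socket.inet_pton(family, addr)

def parse_attrs(buf):
    """Walk a packed rtattr stream and return a list of (type, payload)."""
    attrs, off = [], 0
    while off + 4 <= len(buf):
        length, rta_type = struct.unpack_from("=HH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("truncated rtattr")
        attrs.append((rta_type, buf[off + 4:off + length]))
        off += (length + 3) & ~3  # attributes are 4-byte aligned
    return attrs

def gateway_of(buf):
    """Return (family, address) of the gateway, or None if the route has none."""
    attrs = dict(parse_attrs(buf))
    if RTA_VIA in attrs and RTA_GATEWAY in attrs:
        raise ValueError("RTA_VIA and RTA_GATEWAY are mutually exclusive")
    if RTA_GATEWAY in attrs:  # classic IPv4 gateway: bare 4-byte address
        return socket.AF_INET, socket.inet_ntop(socket.AF_INET, attrs[RTA_GATEWAY])
    if RTA_VIA in attrs:      # gateway family is stated inside the attribute
        (family,) = struct.unpack_from("=H", attrs[RTA_VIA])
        return family, socket.inet_ntop(family, attrs[RTA_VIA][2:])
    return None

def sample_request():
    """Constructed attributes for the command in the post:
    ip ro add 172.16.101.0/24 via inet6 fe80::202:ff:fe00:b dev <ifindex 3>"""
    return (rtattr(RTA_DST, socket.inet_pton(socket.AF_INET, "172.16.101.0"))
            + rtattr(RTA_VIA, via(socket.AF_INET6, "fe80::202:ff:fe00:b"))
            + rtattr(RTA_OIF, struct.pack("=I", 3)))
```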
