lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 30 May 2019 08:06:32 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     David Ahern <dsahern@...nel.org>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>,
        Ido Schimmel <idosch@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Martin KaFai Lau <kafai@...com>,
        Wei Wang <weiwan@...gle.com>, David Ahern <dsahern@...il.com>
Subject: Re: [PATCH net-next 0/7] net: add struct nexthop to fib{6}_info

On Wed, May 29, 2019 at 8:10 PM David Ahern <dsahern@...nel.org> wrote:
>
> From: David Ahern <dsahern@...il.com>
>
> This sets adds 'struct nexthop' to fib_info and fib6_info. IPv4
> already handles multiple fib_nh entries in a single fib_info, so
> the conversion to use a nexthop struct is fairly mechanical. IPv6
> using a nexthop struct with a fib6_info impacts a lot of core logic
> which is built around the assumption of a single, builtin fib6_nh
> per fib6_info. To make this easier to review, this set adds
> nexthop to fib6_info and adds checks in most places fib6_info is
> used. The next set finishes the IPv6 conversion, walking through
> the places that need to consider all fib6_nh within a nexthop struct.
>
> Offload drivers - mlx5, mlxsw and rocker - are changed to fail FIB
> entries using nexthop objects. That limitation can be removed once
> the drivers are updated to properly support separate nexthops.
>
> This set starts by adding accessors for fib_nh and fib_nhs in a
> fib_info. This makes it easier to extract the number of nexthops
> in the fib entry and a specific fib_nh once the entry references
> a struct nexthop. Patch 2 converts more of IPv4 code to use
> fib_nh_common allowing a struct nexthop to use a fib6_nh with an
> IPv4 entry.
>
> Patches 3 and 4 add 'struct nexthop' to fib{6}_info and update
> references to both take a different path when it is set. New
> exported functions are added to the nexthop code to validate a
> nexthop struct when configured for use with a fib entry. IPv4
> is allowed to use a nexthop with either v4 or v6 entries. IPv6
> is limited to v6 entries only. In both cases list_heads track
> the fib entries using a nexthop struct for fast correlation on
> events (e.g., device events or nexthop events like delete or
> replace).
>
> The last 3 patches add hooks to drivers listening for FIB
> notificationas. All 3 of them reject the routes as unsupported,
> returning an error message to the user via extack. For mlxsw
> at least this is a stop gap measure until the driver is updated for
> proper support.
>
> David Ahern (7):
>   ipv4: Use accessors for fib_info nexthop data
>   ipv4: Prepare for fib6_nh from a nexthop object
>   ipv4: Plumb support for nexthop object in a fib_info
>   ipv6: Plumb support for nexthop object in a fib6_info
>   mlxsw: Fail attempts to use routes with nexthop objects
>   mlx5: Fail attempts to use routes with nexthop objects
>   rocker: Fail attempts to use routes with nexthop objects
>
>  drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c   |  33 ++-
>  .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |  33 ++-
>  drivers/net/ethernet/rocker/rocker_main.c          |   4 +
>  drivers/net/ethernet/rocker/rocker_ofdpa.c         |  25 +-
>  include/net/ip6_fib.h                              |  11 +-
>  include/net/ip6_route.h                            |  13 +-
>  include/net/ip_fib.h                               |  25 +-
>  include/net/nexthop.h                              | 113 +++++++++
>  net/core/filter.c                                  |   3 +-
>  net/ipv4/fib_frontend.c                            |  15 +-
>  net/ipv4/fib_lookup.h                              |   1 +
>  net/ipv4/fib_rules.c                               |   8 +-
>  net/ipv4/fib_semantics.c                           | 257 ++++++++++++++-------
>  net/ipv4/fib_trie.c                                |  38 ++-
>  net/ipv4/nexthop.c                                 | 111 ++++++++-
>  net/ipv4/route.c                                   |   5 +-
>  net/ipv6/addrconf.c                                |   5 +
>  net/ipv6/ip6_fib.c                                 |  22 +-
>  net/ipv6/ndisc.c                                   |   3 +-
>  net/ipv6/route.c                                   | 156 +++++++++++--
>  20 files changed, 706 insertions(+), 175 deletions(-)

Huge number of core changes and zero tests.
Nacked-by: Alexei Starovoitov <ast@...nel.org>

Powered by blists - more mailing lists