Date:   Mon, 1 Jul 2019 09:47:36 -0600
From:   David Ahern <dsahern@...il.com>
To:     John Hurley <john.hurley@...ronome.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, jiri@...lanox.com, xiyou.wangcong@...il.com,
        simon.horman@...ronome.com, jakub.kicinski@...ronome.com,
        oss-drivers@...ronome.com
Subject: Re: [PATCH net-next v4 4/5] net: sched: add mpls manipulation actions
 to TC

On 7/1/19 6:30 AM, John Hurley wrote:
> Currently, TC offers the ability to match on the MPLS fields of a packet
> through the use of the flow_dissector_key_mpls struct. However, as yet, TC
> actions do not allow the modification or manipulation of such fields.
> 
> Add a new module that registers TC action ops to allow manipulation of
> MPLS. This includes the ability to push and pop headers as well as modify
> the contents of new or existing headers. A further action to decrement the
> TTL field of an MPLS header is also provided.

Would be good to document an example here and how to handle a label
stack. The same example can be used with the iproute2 patch (I presume
this one ;-)).


> +static int valid_label(const struct nlattr *attr,
> +		       struct netlink_ext_ack *extack)
> +{
> +	const u32 *label = nla_data(attr);
> +
> +	if (!*label || *label & ~MPLS_LABEL_MASK) {
> +		NL_SET_ERR_MSG_MOD(extack, "MPLS label out of range");
> +		return -EINVAL;
> +	}
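
Review bot: in valid_label(), the `!*label` test refuses label 0 and reports it as "MPLS label out of range", although 0 fits within MPLS_LABEL_MASK and is the reserved IPv4 Explicit NULL value from RFC 3032, so the message is misleading for that case. If refusing 0 is intentional, give it its own extack message or a comment saying why it is not accepted.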

core MPLS code (nla_get_labels) checks for MPLS_LABEL_IMPLNULL as well.


> +
> +	return 0;
> +}
> +
> +static const struct nla_policy mpls_policy[TCA_MPLS_MAX + 1] = {
> +	[TCA_MPLS_UNSPEC]	= { .strict_start_type = TCA_MPLS_UNSPEC + 1 },
> +	[TCA_MPLS_PARMS]	= NLA_POLICY_EXACT_LEN(sizeof(struct tc_mpls)),
> +	[TCA_MPLS_PROTO]	= { .type = NLA_U16 },
> +	[TCA_MPLS_LABEL]	= NLA_POLICY_VALIDATE_FN(NLA_U32, valid_label),
> +	[TCA_MPLS_TC]		= NLA_POLICY_RANGE(NLA_U8, 0, 7),
> +	[TCA_MPLS_TTL]		= NLA_POLICY_MIN(NLA_U8, 1),
> +	[TCA_MPLS_BOS]		= NLA_POLICY_RANGE(NLA_U8, 0, 1),
> +};
> +
> +static int tcf_mpls_init(struct net *net, struct nlattr *nla,
> +			 struct nlattr *est, struct tc_action **a,
> +			 int ovr, int bind, bool rtnl_held,
> +			 struct tcf_proto *tp, struct netlink_ext_ack *extack)
> +{
> +	struct tc_action_net *tn = net_generic(net, mpls_net_id);
> +	struct nlattr *tb[TCA_MPLS_MAX + 1];
> +	struct tcf_chain *goto_ch = NULL;
> +	struct tcf_mpls_params *p;
> +	struct tc_mpls *parm;
> +	bool exists = false;
> +	struct tcf_mpls *m;
> +	int ret = 0, err;
> +	u8 mpls_ttl = 0;
> +
> +	if (!nla) {
> +		NL_SET_ERR_MSG_MOD(extack, "Missing netlink attributes");
> +		return -EINVAL;
> +	}
> +
> +	err = nla_parse_nested(tb, TCA_MPLS_MAX, nla, mpls_policy, extack);
> +	if (err < 0)
> +		return err;
> +
> +	if (!tb[TCA_MPLS_PARMS]) {
> +		NL_SET_ERR_MSG_MOD(extack, "No MPLS params");
> +		return -EINVAL;
> +	}
> +	parm = nla_data(tb[TCA_MPLS_PARMS]);
> +
> +	/* Verify parameters against action type. */
> +	switch (parm->m_action) {
> +	case TCA_MPLS_ACT_POP:
> +		if (!tb[TCA_MPLS_PROTO] ||
> +		    !eth_proto_is_802_3(nla_get_be16(tb[TCA_MPLS_PROTO]))) {
> +			NL_SET_ERR_MSG_MOD(extack, "Invalid protocol type for MPLS pop");
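
Review bot: TCA_MPLS_PROTO is declared as plain NLA_U16 in mpls_policy but is read with nla_get_be16() in the TCA_MPLS_ACT_POP case, so the attribute is expected in network byte order and nothing in the visible policy or comments says so. A short comment on the policy entry (or in the uapi header) stating that the value is a big-endian ethertype would keep userspace from sending it in host order.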

would be better to call out '!tb[TCA_MPLS_PROTO]' with its own 'Protocol
must be set given for pop' message.
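
The label-stack handling asked about above, as an added userspace sketch that is not part of this thread or of the patch: it builds label stack entries with the field ranges from the quoted mpls_policy plus the implicit-NULL check raised in review, then pushes, pops and decrements TTL. All names are hypothetical, entries are kept in host byte order, MAX_DEPTH is arbitrary, and refusing to take TTL to 0 is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#define LABEL_MAX      0xFFFFFu /* label field is 20 bits (RFC 3032) */
#define LABEL_IMPLNULL 3u       /* implicit NULL: never appears on the wire */
#define MAX_DEPTH      8        /* arbitrary limit for this example */
/* Host-order label stack entries; lse[depth - 1] is the top (outermost). */
struct mpls_stack { uint32_t lse[MAX_DEPTH]; size_t depth; };

/* Build one entry: label(20) | TC(3) | BOS(1) | TTL(8). Returns 0 or -1. */
int lse_encode(uint32_t label, uint8_t tc, uint8_t bos, uint8_t ttl, uint32_t *out)
{
    if (!label || label > LABEL_MAX || label == LABEL_IMPLNULL ||
        tc > 7 || bos > 1 || ttl < 1)
        return -1;
    *out = (label << 12) | ((uint32_t)tc << 9) | ((uint32_t)bos << 8) | ttl;
    return 0;
}

/* Push a label; BOS is set only for the first entry on an empty stack. */
int mpls_push(struct mpls_stack *s, uint32_t label, uint8_t tc, uint8_t ttl)
{
    uint32_t e;
    if (s->depth == MAX_DEPTH || lse_encode(label, tc, s->depth == 0, ttl, &e))
        return -1;
    s->lse[s->depth++] = e;
    return 0;
}

/* Pop the top label: 1 if it carried BOS (payload now exposed, so the
 * caller must know the next protocol), 0 if labels remain, -1 if empty. */
int mpls_pop(struct mpls_stack *s)
{
    return s->depth ? (int)((s->lse[--s->depth] >> 8) & 1) : -1;
}

/* Decrement the top TTL; -1 if the stack is empty or TTL would reach 0. */
int mpls_dec_ttl(struct mpls_stack *s)
{
    if (s->depth == 0 || (s->lse[s->depth - 1] & 0xFF) <= 1)
        return -1;
    s->lse[s->depth - 1]--; /* TTL is the low byte and is >= 2, so no borrow */
    return 0;
}

int main(void)
{
    struct mpls_stack s = { .depth = 0 }; /* constructed sample: labels 100, 200 */
    return mpls_push(&s, 100, 0, 64) || mpls_push(&s, 200, 0, 64) || mpls_pop(&s);
}
```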
