lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 10 Dec 2019 13:45:28 +0530
From:   Martin Varghese <martinvarghesenokia@...il.com>
To:     netdev@...r.kernel.org, pshelar@....org, davem@...emloft.net,
        scott.drennan@...ia.com, jbenc@...hat.com,
        martin.varghese@...ia.com
Subject: [PATCH net-next 0/3] New openvswitch MPLS actions for layer 2 tunnelling

From: Martin Varghese <martin.varghese@...ia.com>

The existing PUSH MPLS & POP MPLS actions inserts & removes MPLS header
between ethernet header and the IP header. Though this behaviour is fine
for L3 VPN where an IP packet is encapsulated inside a MPLS tunnel, it
does not suffice the L2 VPN (l2 tunnelling) requirements. In L2 VPN
the MPLS header should encapsulate the ethernet packet.

The new mpls actions PTAP_PUSH_MPLS & PTAP_POP_MPLS inserts and removes
MPLS header from start of the packet respectively.

PTAP_PUSH_MPLS - Inserts MPLS header at the start of the packet.
@ethertype - Ethertype of MPLS header. 0x8847 for unicast,0x8848 for multicast.

PTAP_POP_MPLS - Removes MPLS header from the start of the packet.
@ethertype - Ethertype of next header following the popped MPLS header.
             Value 0 in ethertype indicates the tunnelled packet is
             ethernet.

OVS userspace changes -
---------------------
Encap & Decap ovs actions are extended to support MPLS packet type. The encap & decap
adds and removes MPLS header at the start of packet as depicted below.

Actions - encap(mpls(ether_type=0x8847)),encap(ethernet)

Incoming packet -> | ETH | IP | Payload |

1 Actions -  encap(mpls(ether_type=0x8847)) [Kernel action - ptap_push_mpls:0x8847]

        Outgoing packet -> | MPLS | ETH | Payload|

2 Actions - encap(ethernet) [ Kernel action - push_eth ]

        Outgoing packet -> | ETH | MPLS | ETH | Payload|

Decapsulation:

Incoming packet -> | ETH | MPLS | ETH | IP | Payload |

Actions - decap(),decap(packet_type(ns=0,type=0)

1 Actions -  decap() [Kernel action - pop_eth)

        Outgoing packet -> | MPLS | ETH | IP | Payload|

2 Actions - decap(packet_type(ns=0,type=0) [Kernel action - ptap_pop_mpls:0]

        Outgoing packet -> | ETH  | IP | Payload

Martin Varghese (3):
  net: skb_mpls_push() modified to allow MPLS header push at start of
    packet.
  net: Rephrased comments section of skb_mpls_pop()
  openvswitch: New MPLS actions for layer 2 tunnelling

 include/uapi/linux/openvswitch.h |  2 ++
 net/core/skbuff.c                |  9 ++++++---
 net/openvswitch/actions.c        | 40 ++++++++++++++++++++++++++++++++++++++++
 net/openvswitch/flow_netlink.c   | 21 +++++++++++++++++++++
 4 files changed, 69 insertions(+), 3 deletions(-)

-- 
1.8.3.1

Powered by blists - more mailing lists