Date:   Fri, 27 Mar 2020 18:00:17 -0400
From:   Alexander Aring <alex.aring@...il.com>
To:     davem@...emloft.net
Cc:     kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
        dav.lebrun@...il.com, mcr@...delman.ca, stefan@...enfreihafen.org,
        kai.beckmann@...rm.de, martin.gergeleit@...rm.de,
        robert.kaiser@...rm.de, netdev@...r.kernel.org,
        Alexander Aring <alex.aring@...il.com>
Subject: [PATCHv3 net-next 0/5] net: ipv6: add rpl source routing

Hi netdev,

This patch series will add RPL source routing handling and insertion
(implemented as lwtunnel)! I did an example prototype
implementation in rpld for using this implementation in non-storing mode:

https://github.com/linux-wpan/rpld/tree/nonstoring_mode

I will also present a talk at netdev about it:

https://netdevconf.info/0x14/session.html?talk-extend-segment-routing-for-RPL

In receive handling I add handling for IPIP encapsulation as RFC6554
describes it as possible. For reasons I didn't implement it yet for
generating such packets because I am not really sure how/when this
should happen. So far I understand there exists a draft yet which
describes the cases (including a Hop-by-Hop option which we also do not
support yet).

https://tools.ietf.org/html/draft-ietf-roll-useofrplinfo-35

This is just the beginning to start implementing everything for yet,
step by step. It works for my use cases yet to have it running on a
6LOWPAN _only_ network.

I have some patches for iproute2 as well.

A sidenote: I check on local addresses if they are part of segment
routes, this is just to avoid stupid settings. A user can add addresses
afterwards which I cannot control anymore but then it's the user's fault to
make such a thing. The receive handling checks for this as well which is
required by RFC6554, so the next hops or when it comes back should drop
it anyway.

To make this possible I added functionality to pass the net structure to
the build_state of lwtunnel (I hope I caught all lwtunnels).

Another sidenote: I set the headroom value to 0 as I figured out it will
break on interfaces with IPv6 min mtu if set to non zero for tunnels on
L3.

- Alex

changes since v3:
 - use parse_nested which isn't deprecated - Thanks David Ahern
 - change to return -1 instead errno in exthdr handling to unify
   error code
 - change function name from ipv6_rpl_srh_decompress_size to
   ipv6_rpl_srh_size

changes since v2:
 - add additional segdata length in lwtunnel build_state
 - fix build_state patch by not catching one inline noop function
   if LWTUNNEL is disabled

Alexander Aring (5):
  include: uapi: linux: add rpl sr header definition
  addrconf: add functionality to check on rpl requirements
  net: ipv6: add support for rpl sr exthdr
  net: add net available in build_state
  net: ipv6: add rpl sr tunnel

 include/linux/ipv6.h              |   1 +
 include/net/addrconf.h            |   3 +
 include/net/ip_fib.h              |   5 +-
 include/net/lwtunnel.h            |   6 +-
 include/net/rpl.h                 |  46 ++++
 include/uapi/linux/ipv6.h         |   2 +
 include/uapi/linux/lwtunnel.h     |   1 +
 include/uapi/linux/rpl.h          |  48 ++++
 include/uapi/linux/rpl_iptunnel.h |  21 ++
 net/core/lwt_bpf.c                |   2 +-
 net/core/lwtunnel.c               |   6 +-
 net/ipv4/fib_lookup.h             |   2 +-
 net/ipv4/fib_semantics.c          |  22 +-
 net/ipv4/fib_trie.c               |   2 +-
 net/ipv4/ip_tunnel_core.c         |   4 +-
 net/ipv6/Kconfig                  |  10 +
 net/ipv6/Makefile                 |   3 +-
 net/ipv6/addrconf.c               |  63 +++++
 net/ipv6/af_inet6.c               |   7 +
 net/ipv6/exthdrs.c                | 201 +++++++++++++++-
 net/ipv6/ila/ila_lwt.c            |   2 +-
 net/ipv6/route.c                  |   2 +-
 net/ipv6/rpl.c                    | 123 ++++++++++
 net/ipv6/rpl_iptunnel.c           | 380 ++++++++++++++++++++++++++++++
 net/ipv6/seg6_iptunnel.c          |   2 +-
 net/ipv6/seg6_local.c             |   5 +-
 net/mpls/mpls_iptunnel.c          |   2 +-
 27 files changed, 940 insertions(+), 31 deletions(-)
 create mode 100644 include/net/rpl.h
 create mode 100644 include/uapi/linux/rpl.h
 create mode 100644 include/uapi/linux/rpl_iptunnel.h
 create mode 100644 net/ipv6/rpl.c
 create mode 100644 net/ipv6/rpl_iptunnel.c

-- 
2.20.1
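
The receive-side check mentioned in the sidenote above, sketched as an added userspace example (not code from this patch series): RFC 6554 derives the address count from the header length fields and requires dropping a packet whose address list contains two local addresses separated by a non-local one. All function names and the sample node address are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* n = (((Hdr Ext Len * 8) - Pad - (16 - CmprE)) / (16 - CmprI)) + 1, per RFC 6554;
 * returns -1 when the length fields do not describe a whole address list. */
int rpl_srh_count(uint8_t hdrlen, uint8_t cmpri, uint8_t cmpre, uint8_t pad)
{
    int body = hdrlen * 8 - pad - (16 - cmpre);
    if (cmpri > 15 || cmpre > 15 || body < 0 || body % (16 - cmpri))
        return -1;
    return body / (16 - cmpri) + 1;
}

/* Returns 1 if the packet must be dropped (two local entries separated by a
 * non-local one), 0 if the list is acceptable, -1 if it is malformed.
 * Elided prefix octets are restored from the IPv6 destination address. */
int rpl_srh_loop(const uint8_t daddr[16], const uint8_t *list, uint8_t hdrlen,
                 uint8_t cmpri, uint8_t cmpre, uint8_t pad,
                 int (*is_local)(const uint8_t addr[16]))
{
    int n = rpl_srh_count(hdrlen, cmpri, cmpre, pad);
    int seen_local = 0, gap = 0;
    uint8_t a[16];
    for (int i = 0; i < n; i++) {
        uint8_t c = (i == n - 1) ? cmpre : cmpri;  /* last entry uses CmprE */
        memcpy(a, daddr, 16);
        memcpy(a + c, list + i * (16 - cmpri), 16 - c);
        if (!is_local(a))
            gap = seen_local;      /* non-local entry after a local one */
        else if (seen_local && gap)
            return 1;
        else
            seen_local = 1;
    }
    return n < 0 ? -1 : 0;
}

/* Constructed sample: this node owns 2001:db8::2; CmprI = CmprE = 15, so each
 * entry carries only its last octet, and Pad = 5 fills the 8-octet unit. */
static const uint8_t NODE[16] = {0x20, 0x01, 0x0d, 0xb8, [15] = 0x02};
static int node_is_local(const uint8_t a[16]) { return !memcmp(a, NODE, 16); }

int sample_check(uint8_t a, uint8_t b, uint8_t c)
{
    const uint8_t list[8] = {a, b, c};
    return rpl_srh_loop(NODE, list, 1, 15, 15, 5, node_is_local);
}

int main(void) { return sample_check(2, 3, 2) == 1 ? 0 : 1; }
```

Two adjacent local entries are accepted; only a local, non-local, local pattern marks a loop.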
