lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 26 Apr 2020 08:04:15 -0700
From:   William Tu <u9012063@...il.com>
To:     netdev@...r.kernel.org
Cc:     petrm@...lanox.com, lucien.xin@...il.com, guy@...m.mit.edu,
        Dmitriy Andreyevskiy <dandreye@...co.com>
Subject: [PATCH iproute2-next] erspan: Add type I version 0 support.

The Type I ERSPAN frame format is based on the barebones
IP + GRE(4-byte) encapsulation on top of the raw mirrored frame.
Both type I and II use 0x88BE as protocol type. Unlike type II
and III, no sequence number or key is required.

To creat a type I erspan tunnel device:
$ ip link add dev erspan11 type erspan \
	local 172.16.1.100 remote 172.16.1.200 \
	erspan_ver 0

CC: Dmitriy Andreyevskiy <dandreye@...co.com>
Signed-off-by: William Tu <u9012063@...il.com>
---
I didn't notice there is Type I when I did first erspan type II code
because it is not in the ietf draft 00 and 01. It's until recently I got
request for adding type I. Spec is below at draft 02:
https://tools.ietf.org/html/draft-foschiano-erspan-02#section-4.1

To verify with Wireshark, make sure you have:
commit ef76d65fc61d01c2ce5184140f4b1bba0019078b
Author: Guy Harris <guy@...m.mit.edu>
Date:   Mon Sep 30 16:35:35 2019 -0700

	Fix checks for "do we have an ERSPAN header?"
---
 ip/link_gre.c         | 4 ++--
 ip/link_gre6.c        | 6 +++---
 man/man8/ip-link.8.in | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/ip/link_gre.c b/ip/link_gre.c
index d616a970e9a2..0461e5d06ef3 100644
--- a/ip/link_gre.c
+++ b/ip/link_gre.c
@@ -354,8 +354,8 @@ get_failed:
 			NEXT_ARG();
 			if (get_u8(&erspan_ver, *argv, 0))
 				invarg("invalid erspan version\n", *argv);
-			if (erspan_ver != 1 && erspan_ver != 2)
-				invarg("erspan version must be 1 or 2\n", *argv);
+			if (erspan_ver > 2)
+				invarg("erspan version must be 0/1/2\n", *argv);
 		} else if (is_erspan && strcmp(*argv, "erspan_dir") == 0) {
 			NEXT_ARG();
 			if (matches(*argv, "ingress") == 0)
diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index 94a4ee700431..9d270f4b4455 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -389,8 +389,8 @@ get_failed:
 			NEXT_ARG();
 			if (get_u8(&erspan_ver, *argv, 0))
 				invarg("invalid erspan version\n", *argv);
-			if (erspan_ver != 1 && erspan_ver != 2)
-				invarg("erspan version must be 1 or 2\n", *argv);
+			if (erspan_ver > 2)
+				invarg("erspan version must be 0/1/2\n", *argv);
 		} else if (strcmp(*argv, "erspan_dir") == 0) {
 			NEXT_ARG();
 			if (matches(*argv, "ingress") == 0)
@@ -430,7 +430,7 @@ get_failed:
 	addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4);
 	addattr32(n, 1024, IFLA_GRE_FLAGS, flags);
 	addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
-	if (erspan_ver) {
+	if (erspan_ver <= 2) {
 		addattr8(n, 1024, IFLA_GRE_ERSPAN_VER, erspan_ver);
 		if (erspan_ver == 1 && erspan_idx != 0) {
 			addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 939e2ad49f4e..e8a25451f7cd 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -1163,8 +1163,8 @@ It must be an address on another interface on this host.
 .BR erspan_ver " \fIversion "
 - specifies the ERSPAN version number.
 .IR version
-indicates the ERSPAN version to be created: 1 for version 1 (type II)
-or 2 for version 2 (type III).
+indicates the ERSPAN version to be created: 0 for version 0 type I,
+1 for version 1 (type II) or 2 for version 2 (type III).
 
 .sp
 .BR erspan " \fIIDX "
-- 
2.7.4

Powered by blists - more mailing lists