| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Apr 2020 08:04:15 -0700
From: William Tu <u9012063@...il.com>
To: netdev@...r.kernel.org
Cc: petrm@...lanox.com, lucien.xin@...il.com, guy@...m.mit.edu,
Dmitriy Andreyevskiy <dandreye@...co.com>
Subject: [PATCH iproute2-next] erspan: Add type I version 0 support.
The Type I ERSPAN frame format is based on the barebones
IP + GRE(4-byte) encapsulation on top of the raw mirrored frame.
Both type I and II use 0x88BE as protocol type. Unlike type II
and III, no sequence number or key is required.
To creat a type I erspan tunnel device:
$ ip link add dev erspan11 type erspan \
local 172.16.1.100 remote 172.16.1.200 \
erspan_ver 0
CC: Dmitriy Andreyevskiy <dandreye@...co.com>
Signed-off-by: William Tu <u9012063@...il.com>
---
I didn't notice there is Type I when I did first erspan type II code
because it is not in the ietf draft 00 and 01. It's until recently I got
request for adding type I. Spec is below at draft 02:
https://tools.ietf.org/html/draft-foschiano-erspan-02#section-4.1
To verify with Wireshark, make sure you have:
commit ef76d65fc61d01c2ce5184140f4b1bba0019078b
Author: Guy Harris <guy@...m.mit.edu>
Date: Mon Sep 30 16:35:35 2019 -0700
Fix checks for "do we have an ERSPAN header?"
---
ip/link_gre.c | 4 ++--
ip/link_gre6.c | 6 +++---
man/man8/ip-link.8.in | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/ip/link_gre.c b/ip/link_gre.c
index d616a970e9a2..0461e5d06ef3 100644
--- a/ip/link_gre.c
+++ b/ip/link_gre.c
@@ -354,8 +354,8 @@ get_failed:
NEXT_ARG();
if (get_u8(&erspan_ver, *argv, 0))
invarg("invalid erspan version\n", *argv);
- if (erspan_ver != 1 && erspan_ver != 2)
- invarg("erspan version must be 1 or 2\n", *argv);
+ if (erspan_ver > 2)
+ invarg("erspan version must be 0/1/2\n", *argv);
} else if (is_erspan && strcmp(*argv, "erspan_dir") == 0) {
NEXT_ARG();
if (matches(*argv, "ingress") == 0)
diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index 94a4ee700431..9d270f4b4455 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -389,8 +389,8 @@ get_failed:
NEXT_ARG();
if (get_u8(&erspan_ver, *argv, 0))
invarg("invalid erspan version\n", *argv);
- if (erspan_ver != 1 && erspan_ver != 2)
- invarg("erspan version must be 1 or 2\n", *argv);
+ if (erspan_ver > 2)
+ invarg("erspan version must be 0/1/2\n", *argv);
} else if (strcmp(*argv, "erspan_dir") == 0) {
NEXT_ARG();
if (matches(*argv, "ingress") == 0)
@@ -430,7 +430,7 @@ get_failed:
addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4);
addattr32(n, 1024, IFLA_GRE_FLAGS, flags);
addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
- if (erspan_ver) {
+ if (erspan_ver <= 2) {
addattr8(n, 1024, IFLA_GRE_ERSPAN_VER, erspan_ver);
if (erspan_ver == 1 && erspan_idx != 0) {
addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 939e2ad49f4e..e8a25451f7cd 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -1163,8 +1163,8 @@ It must be an address on another interface on this host.
.BR erspan_ver " \fIversion "
- specifies the ERSPAN version number.
.IR version
-indicates the ERSPAN version to be created: 1 for version 1 (type II)
-or 2 for version 2 (type III).
+indicates the ERSPAN version to be created: 0 for version 0 type I,
+1 for version 1 (type II) or 2 for version 2 (type III).
.sp
.BR erspan " \fIIDX "
--
2.7.4
Powered by blists - more mailing lists