lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cover.1590495493.git.gnault@redhat.com>
Date:   Tue, 26 May 2020 14:28:57 +0200
From:   Guillaume Nault <gnault@...hat.com>
To:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     netdev@...r.kernel.org, Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Tom Herbert <tom@...bertland.com>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Eli Cohen <eli@...lanox.com>,
        Liel Shoshan <liels@...lanox.com>,
        Rony Efraim <ronye@...lanox.com>
Subject: [PATCH net-next v3 0/2] flow_dissector, cls_flower: Add support for
 multiple MPLS Label Stack Entries

Currently, the flow dissector and the Flower classifier can only handle
the first entry of an MPLS label stack. This patch series generalises
the code to allow parsing and matching the Label Stack Entries that
follow.

Patch 1 extends the flow dissector to parse MPLS LSEs until the Bottom
Of Stack bit is reached. The number of parsed LSEs is capped at
FLOW_DIS_MPLS_MAX (arbitrarily set to 7). Flower and the NFP driver
are updated to take into account the new layout of struct
flow_dissector_key_mpls.

Patch 2 extends Flower. It defines new netlink attributes, which are
independent from the previous MPLS ones. Mixing the old and the new
attributes in a same filter is not allowed. For backward compatibility,
the old attributes are used when dumping filters that don't require the
new ones.

Changes since v2:
  * Fix compilation with the new MLX5 bareudp tunnel code.

Changes since v1:
  * Fix compilation of NFP driver (kbuild test robot).
  * Fix sparse warning with entropy label (kbuild test robot).

Guillaume Nault (2):
  flow_dissector: Parse multiple MPLS Label Stack Entries
  cls_flower: Support filtering on multiple MPLS Label Stack Entries

 .../mellanox/mlx5/core/en/tc_tun_mplsoudp.c   |  27 +-
 .../net/ethernet/netronome/nfp/flower/match.c |  42 ++-
 include/net/flow_dissector.h                  |  14 +-
 include/uapi/linux/pkt_cls.h                  |  23 ++
 net/core/flow_dissector.c                     |  49 ++-
 net/sched/cls_flower.c                        | 295 +++++++++++++++++-
 6 files changed, 397 insertions(+), 53 deletions(-)

-- 
2.21.1

Notes:
  * The NFP and MLX5 udpates have been compile-tested only, as I don't
    don't have the required hardware. Reviews from Netronome and
    Mellanox warmly welcome.
  * Compiles with allmodconfig on latest net-next tree, I swear :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ