Message-Id: <1591835721-39497-2-git-send-email-roopa@cumulusnetworks.com>
Date:   Wed, 10 Jun 2020 17:35:20 -0700
From:   Roopa Prabhu <roopa@...ulusnetworks.com>
To:     dsahern@...il.com
Cc:     netdev@...r.kernel.org, stephen@...workplumber.org,
        nikolay@...ulusnetworks.com
Subject: [PATCH iproute2 net-next v2 1/2] ipnexthop: support for fdb nexthops

From: Roopa Prabhu <roopa@...ulusnetworks.com>

This patch adds support to add and delete
ecmp nexthops of type fdb. Such nexthops can
be linked to vxlan fdb entries.

$ip nexthop add id 12 via 172.16.1.2 fdb
$ip nexthop add id 13 via 172.16.1.3 fdb
$ip nexthop add id 102 group 12/13 fdb

$bridge fdb add 02:02:00:00:00:13 dev vx10 nhid 102 self

Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
---
 ip/ipnexthop.c        | 16 +++++++++++++++-
 man/man8/ip-nexthop.8 | 30 +++++++++++++++++++++++++++---
 2 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/ip/ipnexthop.c b/ip/ipnexthop.c
index 99f8963..421d4d0 100644
--- a/ip/ipnexthop.c
+++ b/ip/ipnexthop.c
@@ -20,6 +20,7 @@ static struct {
 	unsigned int ifindex;
 	unsigned int master;
 	unsigned int proto;
+	unsigned int fdb;
 } filter;
 
 enum {
@@ -39,7 +40,7 @@ static void usage(void)
 		"       ip nexthop { add | replace } id ID NH [ protocol ID ]\n"
 		"       ip nexthop { get| del } id ID\n"
 		"SELECTOR := [ id ID ] [ dev DEV ] [ vrf NAME ] [ master DEV ]\n"
-		"            [ groups ]\n"
+		"            [ groups ] [ fdb ]\n"
 		"NH := { blackhole | [ via ADDRESS ] [ dev DEV ] [ onlink ]\n"
 		"      [ encap ENCAPTYPE ENCAPHDR ] | group GROUP ] }\n"
 		"GROUP := [ id[,weight]>/<id[,weight]>/... ]\n"
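Review bot: The built-in help gains `[ fdb ]` only on the SELECTOR line, while the NH grammar in the two context lines below it still omits the keyword. This patch makes `ip nexthop add ... fdb` valid, and the man page hunk documents `fdb` under NH for both the plain and the group form. Suggest extending the NH text to match, e.g. `"      [ encap ENCAPTYPE ENCAPHDR ] [ fdb ] | group GROUP [ fdb ] ] }\n"`. The usage() body starts and ends outside this hunk.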
@@ -70,6 +71,12 @@ static int nh_dump_filter(struct nlmsghdr *nlh, int reqlen)
 			return err;
 	}
 
+	if (filter.fdb) {
+		err = addattr_l(nlh, reqlen, NHA_FDB, NULL, 0);
+		if (err)
+			return err;
+	}
+
 	return 0;
 }
 
@@ -259,6 +266,9 @@ int print_nexthop(struct nlmsghdr *n, void *arg)
 	if (tb[NHA_OIF])
 		print_rt_flags(fp, nhm->nh_flags);
 
+	if (tb[NHA_FDB])
+		print_null(PRINT_ANY, "fdb", "fdb", NULL);
+
 	print_string(PRINT_FP, NULL, "%s", "\n");
 	close_json_object();
 	fflush(fp);
@@ -385,6 +395,8 @@ static int ipnh_modify(int cmd, unsigned int flags, int argc, char **argv)
 			addattr_l(&req.n, sizeof(req), NHA_BLACKHOLE, NULL, 0);
 			if (req.nhm.nh_family == AF_UNSPEC)
 				req.nhm.nh_family = AF_INET;
+		} else if (!strcmp(*argv, "fdb")) {
+			addattr_l(&req.n, sizeof(req), NHA_FDB, NULL, 0);
 		} else if (!strcmp(*argv, "onlink")) {
 			nh_flags |= RTNH_F_ONLINK;
 		} else if (!strcmp(*argv, "group")) {
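Review bot: The return value of `addattr_l()` is discarded in the new `fdb` branch, although the same patch checks it in nh_dump_filter(). If the append failed, the request would be sent without NHA_FDB, and the kernel would presumably create an ordinary nexthop instead of an fdb one, with no error reported to the user. Consider `if (addattr_l(&req.n, sizeof(req), NHA_FDB, NULL, 0)) return -1;`, adjusting the error return to whatever ipnh_modify() uses elsewhere, since its body starts and ends outside this hunk. The neighbouring `blackhole` branch has the same unchecked call and could be fixed alongside.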
@@ -487,6 +499,8 @@ static int ipnh_list_flush(int argc, char **argv, int action)
 			if (get_unsigned(&proto, *argv, 0))
 				invarg("invalid protocol value", *argv);
 			filter.proto = proto;
+		} else if (!matches(*argv, "fdb")) {
+			filter.fdb = 1;
 		} else if (matches(*argv, "help") == 0) {
 			usage();
 		} else {
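Review bot: The list/flush parser accepts `fdb` through `matches()`, whereas ipnh_modify() in this same patch uses an exact `strcmp()`. `matches()` accepts abbreviations, so `f` or `fd` would also set `filter.fdb`, and this function serves flush as well as list, so a shortened or mistyped token changes which nexthops are selected. An exact match is safer for a new keyword and keeps the two parsers consistent: `} else if (!strcmp(*argv, "fdb")) {`. It is also worth confirming that the flush path actually honours `filter.fdb`; that code is outside this hunk.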
diff --git a/man/man8/ip-nexthop.8 b/man/man8/ip-nexthop.8
index 68164f3..4d55f4d 100644
--- a/man/man8/ip-nexthop.8
+++ b/man/man8/ip-nexthop.8
@@ -38,7 +38,8 @@ ip-nexthop \- nexthop object management
 .IR NAME " ] [ "
 .B  master
 .IR DEV " ] [ "
-.BR  groups " ] "
+.BR  groups " ] [ "
+.BR  fdb " ]"
 
 .ti -8
 .IR NH " := { "
@@ -49,9 +50,11 @@ ip-nexthop \- nexthop object management
 .IR DEV " ] [ "
 .BR onlink " ] [ "
 .B encap
-.IR ENCAP " ] | "
+.IR ENCAP " ] [ "
+.BR fdb " ] | "
 .B  group
-.IR GROUP " } "
+.IR GROUP " [ "
+.BR fdb " ] } "
 
 .ti -8
 .IR ENCAP " := [ "
@@ -125,6 +128,13 @@ weight (id,weight) and a '/' as a separator between entries.
 .TP
 .B blackhole
 create a blackhole nexthop
+.TP
+.B fdb
+nexthop and nexthop groups for use with layer-2 fdb entries.
+A fdb nexthop group can only have fdb nexthops.
+Example: Used to represent a vxlan remote vtep ip. layer-2 vxlan
+fdb entry pointing to an ecmp nexthop group containing multiple
+remote vtep ips.
 .RE
 
 .TP
@@ -148,6 +158,9 @@ show the nexthops using devices enslaved to given master device
 .TP
 .BI groups
 show only nexthop groups
+.TP
+.BI fdb
+show only fdb nexthops and nexthop groups
 .RE
 .TP
 ip nexthop flush
@@ -186,6 +199,17 @@ ip nexthop add id 4 group 1,5/2,11
 Adds a nexthop with id 4. The nexthop is a group using nexthops with ids
 1 and 2 with nexthop 1 at weight 5 and nexthop 2 at weight 11.
 .RE
+.PP
+ip nexthop add id 5 via 192.168.1.2 fdb
+.RS 4
+Adds a fdb nexthop with id 5.
+.RE
+.PP
+ip nexthop add id 7 group 5/6 fdb
+.RS 4
+Adds a fdb nexthop group with id 7. A fdb nexthop group can only have
+fdb nexthops.
+.RE
 .SH SEE ALSO
 .br
 .BR ip (8)
-- 
2.1.4
