lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cover.1601673174.git.gnault@redhat.com>
Date:   Sat, 3 Oct 2020 00:44:25 +0200
From:   Guillaume Nault <gnault@...hat.com>
To:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     netdev@...r.kernel.org, Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>, Jiri Benc <jbenc@...hat.com>,
        Martin Varghese <martin.varghese@...ia.com>
Subject: [PATCH net-next 0/2] net/sched: Add actions for MPLS L2 VPNs

This patch series adds the necessary TC actions for supporting layer 2
MPLS VPNs (VPLS).

The objective is to give the possibility to add an MPLS header right
before an skb's mac header, then to prepend this MPLS packet with a
new Ethernet header with the MAC address of the next hop.

Patch 1 implements the actions for adding and removing the external
Ethernet header.
Patch 2 adds the possibility to push an MPLS header before the mac
header.

Most of the code already exists as these operations were first
implemented in openvswitch.

Practical example, with encap on Host-A and decap on Host-B:

 Host-A# tc filter add dev ethAx ingress matchall         \
           action mpls mac_push label 20                  \
           action vlan push_eth dst_mac 02:00:00:00:00:02 \
                                src_mac 02:00:00:00:00:01 \
           action mirred egress redirect dev ethAy

 Host-B# tc filter add dev ethBx ingress protocol mpls_uc \
           flower mpls_label 20 mpls_bos 1                \
           action vlan pop_eth                            \
           action mpls pop proto teb                      \
           action mirred egress redirect dev ethBy

Guillaume Nault (2):
  net/sched: act_vlan: Add {POP,PUSH}_ETH actions
  net/sched: act_mpls: Add action to push MPLS LSE before Ethernet
    header

 include/linux/skbuff.h              |  3 ++
 include/net/tc_act/tc_vlan.h        |  2 +
 include/uapi/linux/tc_act/tc_mpls.h |  1 +
 include/uapi/linux/tc_act/tc_vlan.h |  4 ++
 net/core/skbuff.c                   | 67 +++++++++++++++++++++++++++++
 net/openvswitch/actions.c           | 28 +++++-------
 net/sched/act_mpls.c                | 18 ++++++++
 net/sched/act_vlan.c                | 40 +++++++++++++++++
 8 files changed, 145 insertions(+), 18 deletions(-)

-- 
2.21.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ