lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 8 Dec 2020 19:29:10 -0700
From:   David Ahern <dsahern@...il.com>
To:     Paolo Lungaroni <paolo.lungaroni@...t.it>,
        David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org
Cc:     Jakub Kicinski <kuba@...nel.org>,
        Andrea Mayer <andrea.mayer@...roma2.it>
Subject: Re: [iproute2-next v2] seg6: add support for vrftable attribute in
 SRv6 End.DT4/DT6 behaviors

On 12/2/20 6:15 AM, Paolo Lungaroni wrote:
> We introduce the "vrftable" attribute for supporting the SRv6 End.DT4 and
> End.DT6 behaviors in iproute2.
> The "vrftable" attribute indicates the routing table associated with
> the VRF device used by SRv6 End.DT4/DT6 for routing IPv4/IPv6 packets.
> 
> The SRv6 End.DT4/DT6 is used to implement IPv4/IPv6 L3 VPNs based on Segment
> Routing over IPv6 networks in multi-tenants environments.
> It decapsulates the received packets and it performs the IPv4/IPv6 routing
> lookup in the routing table of the tenant.
> 
> The SRv6 End.DT4/DT6 leverages a VRF device in order to force the routing
> lookup into the associated routing table using the "vrftable" attribute.
> 
> Some examples:
>  $ ip -6 route add 2001:db8::1 encap seg6local action End.DT4 vrftable 100 dev eth0
>  $ ip -6 route add 2001:db8::2 encap seg6local action End.DT6 vrftable 200 dev eth0
> 
> Standard Output:
>  $ ip -6 route show 2001:db8::1
>  2001:db8::1  encap seg6local action End.DT4 vrftable 100 dev eth0 metric 1024 pref medium
> 
> JSON Output:
> $ ip -6 -j -p route show 2001:db8::2
> [ {
>         "dst": "2001:db8::2",
>         "encap": "seg6local",
>         "action": "End.DT6",
>         "vrftable": 200,
>         "dev": "eth0",
>         "metric": 1024,
>         "flags": [ ],
>         "pref": "medium"
> } ]
> 
> v2:
>  - no changes made: resubmit after pulling out this patch from the kernel
>    patchset.
> 
> v1:
>  - mixing this patch with the kernel patchset confused patckwork.
> 
> Signed-off-by: Paolo Lungaroni <paolo.lungaroni@...t.it>
> Signed-off-by: Andrea Mayer <andrea.mayer@...roma2.it>
> ---
>  include/uapi/linux/seg6_local.h |  1 +
>  ip/iproute_lwtunnel.c           | 19 ++++++++++++++++---
>  2 files changed, 17 insertions(+), 3 deletions(-)
> 

applied to iproute2-next. Thanks,

Powered by blists - more mailing lists