Date:   Tue, 26 Jan 2021 15:23:01 +0200
From:   Ido Schimmel <idosch@...sch.org>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, kuba@...nel.org, dsahern@...il.com,
        amcohen@...dia.com, roopa@...dia.com, sharpd@...dia.com,
        bpoirier@...dia.com, mlxsw@...dia.com,
        Ido Schimmel <idosch@...dia.com>
Subject: [PATCH net-next 00/10] Add notifications when route hardware flags change

From: Ido Schimmel <idosch@...dia.com>

Routes installed to the kernel can be programmed to capable devices, in
which case they are marked with one of two flags. RTM_F_OFFLOAD for
routes that offload traffic from the kernel and RTM_F_TRAP for routes
that trap packets to the kernel for processing (e.g., host routes).

These flags are of interest to routing daemons since they would like to
delay advertisement of routes until they are installed in hardware. This
allows them to avoid packet loss or misrouted packets. Currently,
routing daemons do not receive any notifications when these flags are
changed, requiring them to poll the kernel tables for changes, which is
inefficient.

This series addresses the issue by having the kernel emit RTM_NEWROUTE
notifications whenever these flags change. The behavior is controlled by
two sysctls (net.ipv4.fib_notify_on_flag_change and
net.ipv6.fib_notify_on_flag_change) that default to 0 (no
notifications).

Note that even if route installation in hardware is improved to be more
synchronous, these notifications are still of interest. For example, a
multipath route can change from RTM_F_OFFLOAD to RTM_F_TRAP if its
neighbours become invalid. A routing daemon can choose to withdraw /
replace the route in that case. In addition, the deletion of a route
from the kernel can prompt the installation of an identical route
(already in kernel, with a higher metric) to hardware.

For testing purposes, netdevsim is aligned to simulate a "real" driver
that programs routes to hardware.

Series overview:

Patches #1-#2 align netdevsim to perform route programming in a
non-atomic context

Patches #3-#5 add sysctl to control IPv4 notifications

Patches #6-#8 add sysctl to control IPv6 notifications

Patch #9 extends existing fib tests to set sysctls before running tests

Patch #10 adds test for fib notifications over netdevsim

Amit Cohen (10):
  netdevsim: fib: Convert the current occupancy to an atomic variable
  netdevsim: fib: Perform the route programming in a non-atomic context
  net: ipv4: Pass fib_rt_info as const to fib_dump_info()
  net: ipv4: Publish fib_nlmsg_size()
  net: ipv4: Emit notification when fib hardware flags are changed
  net: Pass 'net' struct as first argument to fib6_info_hw_flags_set()
  net: Do not call fib6_info_hw_flags_set() when IPv6 is disabled
  net: ipv6: Emit notification when fib hardware flags are changed
  selftests: Extend fib tests to run with and without flags
    notifications
  selftests: netdevsim: Add fib_notifications test

 Documentation/networking/ip-sysctl.rst        |  40 ++
 .../ethernet/mellanox/mlxsw/spectrum_router.c |  23 +-
 drivers/net/netdevsim/fib.c                   | 535 ++++++++++++------
 include/net/ip6_fib.h                         |   9 +-
 include/net/netns/ipv4.h                      |   2 +
 include/net/netns/ipv6.h                      |   1 +
 net/ipv4/af_inet.c                            |   2 +
 net/ipv4/fib_lookup.h                         |   3 +-
 net/ipv4/fib_semantics.c                      |   4 +-
 net/ipv4/fib_trie.c                           |  27 +
 net/ipv4/sysctl_net_ipv4.c                    |   9 +
 net/ipv6/af_inet6.c                           |   1 +
 net/ipv6/route.c                              |  44 ++
 net/ipv6/sysctl_net_ipv6.c                    |   9 +
 .../selftests/drivers/net/mlxsw/fib.sh        |  14 +
 .../selftests/drivers/net/netdevsim/fib.sh    |  14 +
 .../net/netdevsim/fib_notifications.sh        | 300 ++++++++++
 17 files changed, 855 insertions(+), 182 deletions(-)
 create mode 100755 tools/testing/selftests/drivers/net/netdevsim/fib_notifications.sh

-- 
2.29.2
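
Added example, not part of the original message or the patch series: one way a routing daemon could consume the RTM_NEWROUTE notifications described above and detect RTM_F_OFFLOAD / RTM_F_TRAP transitions. The function names are hypothetical, the sample messages are constructed, and the sketch assumes IPv4 only with routes keyed by prefix (table and metric are ignored).

```python
import ipaddress
import struct

RTM_NEWROUTE, RTA_DST, AF_INET = 24, 1, 2   # linux/rtnetlink.h, socket.h
RTM_F_OFFLOAD, RTM_F_TRAP = 0x4000, 0x8000  # rtm_flags bits

def hw_state(flags):
    if flags & RTM_F_OFFLOAD:
        return "offload"
    return "trap" if flags & RTM_F_TRAP else "none"

def parse_routes(buf):
    """Yield (prefix, hw_state) per IPv4 RTM_NEWROUTE message in buf."""
    off = 0
    while off + 16 <= len(buf):
        length, mtype = struct.unpack_from("=IH", buf, off)
        if length < 16 or off + length > len(buf):
            break  # truncated or malformed message: stop parsing
        if mtype == RTM_NEWROUTE and length >= 28:
            family, dst_len = struct.unpack_from("=BB", buf, off + 16)
            (flags,) = struct.unpack_from("=I", buf, off + 24)
            dst, pos, end = bytes(4), off + 28, off + length
            while pos + 4 <= end:  # walk the rtattr list
                alen, atype = struct.unpack_from("=HH", buf, pos)
                if alen < 4 or pos + alen > end:
                    break
                if atype == RTA_DST and alen == 8:
                    dst = buf[pos + 4:pos + 8]
                pos += (alen + 3) & ~3
            if family == AF_INET and dst_len <= 32:
                yield f"{ipaddress.IPv4Address(dst)}/{dst_len}", hw_state(flags)
        off += (length + 3) & ~3

def track(buf, table):
    """Update table in place; return (prefix, old, new) for each change."""
    changes = []
    for prefix, state in parse_routes(buf):
        if table.get(prefix) != state:
            changes.append((prefix, table.get(prefix), state))
            table[prefix] = state
    return changes

def build(prefix, flags):
    """Constructed sample message (table main, RTPROT_BOOT, unicast)."""
    net = ipaddress.ip_network(prefix)
    body = struct.pack("=8BI", AF_INET, net.prefixlen, 0, 0, 254, 3, 0, 1, flags)
    body += struct.pack("=HH4s", 8, RTA_DST, net.network_address.packed)
    return struct.pack("=IHHII", 16 + len(body), RTM_NEWROUTE, 0, 0, 0) + body

SAMPLE = b"".join(build("192.0.2.0/24", f) for f in (0, RTM_F_OFFLOAD, RTM_F_TRAP))
```

On a live system the buffer would come from a NETLINK_ROUTE socket subscribed to the IPv4 route multicast group, with net.ipv4.fib_notify_on_flag_change enabled; a daemon could advertise on a change to "offload" and reconsider the route on "offload" to "trap".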
