Date:   Wed, 15 Feb 2023 23:07:48 -0700
From:   David Ahern <dsahern@...nel.org>
To:     Andrea Mayer <andrea.mayer@...roma2.it>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        linux-kselftest@...r.kernel.org
Cc:     Stefano Salsano <stefano.salsano@...roma2.it>,
        Paolo Lungaroni <paolo.lungaroni@...roma2.it>,
        Ahmed Abdelsalam <ahabdels.dev@...il.com>
Subject: Re: [net-next 2/3] seg6: add PSP flavor support for SRv6 End behavior

On 2/15/23 6:46 AM, Andrea Mayer wrote:
> The "flavors" framework defined in RFC8986 [1] represents additional
> operations that can modify or extend a subset of existing behaviors such as
> SRv6 End, End.X and End.T. We report these flavors hereafter:
>  - Penultimate Segment Pop (PSP);
>  - Ultimate Segment Pop (USP);
>  - Ultimate Segment Decapsulation (USD).
> 
> Depending on how the Segment Routing Header (SRH) has to be handled, an
> SRv6 End* behavior can support these flavors either individually or in
> combinations.
> In this patch, we only consider the PSP flavor for the SRv6 End behavior.
> 
> A PSP enabled SRv6 End behavior is used by the Source/Ingress SR node
> (i.e., the one applying the SRv6 Policy) when it needs to instruct the
> penultimate SR Endpoint node listed in the SID List (carried by the SRH) to
> remove the SRH from the IPv6 header.
> 
> Specifically, a PSP enabled SRv6 End behavior processes the SRH by:
>    i) decreasing the Segment Left (SL) from 1 to 0;
>   ii) copying the Last Segment IDentifier (SID) into the IPv6 Destination
>       Address (DA);
>  iii) removing (i.e., popping) the outer SRH from the extension headers
>       following the IPv6 header.
> 
> It is important to note that PSP operation (steps i, ii, iii) takes place
> only at a penultimate SR Segment Endpoint node (i.e., when the SL=1) and
> does not happen at non-penultimate Endpoint nodes. Indeed, when a SID of
> PSP flavor is processed at a non-penultimate SR Segment Endpoint node, the
> PSP operation is not performed because it would not be possible to decrease
> the SL from 1 to 0.
> 
>                                                  SL=2 SL=1 SL=0
>                                                    |    |    |
> For example, given the SRv6 policy (SID List := <  X,   Y,   Z  >):
>  - a PSP enabled SRv6 End behavior bound to SID "Y" will apply the PSP
>    operation as Segment Left (SL) is 1, corresponding to the Penultimate
>    Segment of the SID List;
>  - a PSP enabled SRv6 End behavior bound to SID "X" will *NOT* apply the
>    PSP operation as the Segment Left is 2. This behavior instance will
>    apply the "standard" End packet processing, ignoring the configured PSP
>    flavor at all.
> 
> [1] - RFC8986: https://datatracker.ietf.org/doc/html/rfc8986
> 
> Signed-off-by: Andrea Mayer <andrea.mayer@...roma2.it>
> ---
>  net/ipv6/seg6_local.c | 336 +++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 333 insertions(+), 3 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>
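
The PSP steps i) to iii) from the quoted commit message, as an added userspace C example that is not taken from the patch or from net/ipv6/seg6_local.c. It assumes the SRH directly follows the IPv6 header, omits hop-limit handling, takes its bounds checks from the End pseudocode in RFC 8986, and uses hypothetical names (`seg6_end_psp`, `build_sample`) and a constructed packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { IP6_HLEN = 40, NEXTHDR_ROUTING = 43, RT_TYPE_SRH = 4, SID_LEN = 16 };

/* End with PSP flavor on a raw IPv6 packet; assumes the SRH directly follows
 * the IPv6 header. Returns the new length, or 0 if not handled (malformed
 * packet or SL == 0). *popped is set to 1 when the SRH was removed. */
size_t seg6_end_psp(uint8_t *pkt, size_t len, int *popped)
{
    uint8_t *srh = pkt + IP6_HLEN;
    *popped = 0;
    if (len < IP6_HLEN + 8 || pkt[6] != NEXTHDR_ROUTING || srh[2] != RT_TYPE_SRH)
        return 0;
    size_t srh_len = 8 * ((size_t)srh[1] + 1);
    size_t plen = (size_t)pkt[4] << 8 | pkt[5];
    if (len < IP6_HLEN + srh_len || plen < srh_len)
        return 0;
    /* srh[3] = Segments Left, srh[4] = Last Entry, srh[1] / 2 = SIDs that fit */
    if (srh[3] == 0 || srh[4] >= srh[1] / 2 || srh[3] > srh[4] + 1)
        return 0;
    uint8_t sl = --srh[3];                              /* (i)  SL := SL - 1 */
    memcpy(pkt + 24, srh + 8 + SID_LEN * sl, SID_LEN);  /* (ii) DA := SID[SL] */
    if (sl != 0)
        return len;            /* not the penultimate segment: standard End */
    pkt[6] = srh[0];           /* (iii) IPv6 Next Header := SRH Next Header */
    plen -= srh_len;           /* payload no longer contains the SRH */
    pkt[4] = (uint8_t)(plen >> 8);
    pkt[5] = (uint8_t)plen;
    memmove(srh, srh + srh_len, len - IP6_HLEN - srh_len);
    *popped = 1;
    return len - srh_len;
}

/* Constructed sample: SID list <X, Y, Z> stored as [Z, Y, X], 8 payload bytes.
 * sl must be 0, 1 or 2. */
size_t build_sample(uint8_t pkt[104], uint8_t sl)
{
    static const uint8_t ids[3] = { 'Z', 'Y', 'X' };
    memset(pkt, 0, 104);
    memset(pkt + 96, 0xAA, 8); /* payload marker after the 56-byte SRH */
    pkt[0] = 0x60; pkt[5] = 64; pkt[6] = NEXTHDR_ROUTING; pkt[7] = 64;
    uint8_t *srh = pkt + IP6_HLEN;
    srh[0] = 59; srh[1] = 6; srh[2] = RT_TYPE_SRH; srh[3] = sl; srh[4] = 2;
    for (int i = 0; i < 3; i++)
        srh[8 + SID_LEN * i + 15] = ids[i];
    pkt[39] = ids[sl];         /* DA = currently active SID */
    return 104;
}
```

With SL=1 (the node bound to SID "Y") the SRH is popped and the packet shrinks from 104 to 48 bytes; with SL=2 (SID "X") only SL and the DA change.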

