Message-ID: <2975663a-4cf9-b7cd-7509-9f48f815a56e@kernel.org>
Date: Wed, 15 Feb 2023 23:07:48 -0700
From: David Ahern <dsahern@...nel.org>
To: Andrea Mayer <andrea.mayer@...roma2.it>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-kselftest@...r.kernel.org
Cc: Stefano Salsano <stefano.salsano@...roma2.it>, Paolo Lungaroni <paolo.lungaroni@...roma2.it>, Ahmed Abdelsalam <ahabdels.dev@...il.com>
Subject: Re: [net-next 2/3] seg6: add PSP flavor support for SRv6 End behavior

On 2/15/23 6:46 AM, Andrea Mayer wrote:
> The "flavors" framework defined in RFC8986 [1] represents additional
> operations that can modify or extend a subset of existing behaviors such as
> SRv6 End, End.X and End.T. We report these flavors hereafter:
>  - Penultimate Segment Pop (PSP);
>  - Ultimate Segment Pop (USP);
>  - Ultimate Segment Decapsulation (USD).
>
> Depending on how the Segment Routing Header (SRH) has to be handled, an
> SRv6 End* behavior can support these flavors either individually or in
> combinations.
> In this patch, we only consider the PSP flavor for the SRv6 End behavior.
>
> A PSP enabled SRv6 End behavior is used by the Source/Ingress SR node
> (i.e., the one applying the SRv6 Policy) when it needs to instruct the
> penultimate SR Endpoint node listed in the SID List (carried by the SRH) to
> remove the SRH from the IPv6 header.
>
> Specifically, a PSP enabled SRv6 End behavior processes the SRH by:
>    i) decreasing the Segment Left (SL) from 1 to 0;
>   ii) copying the Last Segment IDentifier (SID) into the IPv6 Destination
>       Address (DA);
>  iii) removing (i.e., popping) the outer SRH from the extension headers
>       following the IPv6 header.
>
> It is important to note that PSP operation (steps i, ii, iii) takes place
> only at a penultimate SR Segment Endpoint node (i.e., when the SL=1) and
> does not happen at non-penultimate Endpoint nodes. Indeed, when a SID of
> PSP flavor is processed at a non-penultimate SR Segment Endpoint node, the
> PSP operation is not performed because it would not be possible to decrease
> the SL from 1 to 0.
>
>                                                  SL=2 SL=1 SL=0
>                                                    |    |    |
> For example, given the SRv6 policy (SID List := <  X,   Y,   Z  >):
>  - a PSP enabled SRv6 End behavior bound to SID "Y" will apply the PSP
>    operation as Segment Left (SL) is 1, corresponding to the Penultimate
>    Segment of the SID List;
>  - a PSP enabled SRv6 End behavior bound to SID "X" will *NOT* apply the
>    PSP operation as the Segment Left is 2. This behavior instance will
>    apply the "standard" End packet processing, ignoring the configured PSP
>    flavor at all.
>
> [1] - RFC8986: https://datatracker.ietf.org/doc/html/rfc8986
>
> Signed-off-by: Andrea Mayer <andrea.mayer@...roma2.it>
> ---
>  net/ipv6/seg6_local.c | 336 +++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 333 insertions(+), 3 deletions(-)
>

Reviewed-by: David Ahern <dsahern@...nel.org>
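
The PSP steps i) to iii) from the quoted commit message, as an added userspace C sketch; it is not the code from net/ipv6/seg6_local.c or from this patch. It assumes the SRH directly follows the IPv6 header, and the names `srv6_end_psp` and `make_sample` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { IP6_HLEN = 40, NH_ROUTING = 43, RT_SRH = 4, SID_LEN = 16 };
/* 1 = SRH popped (PSP), 0 = standard End update only, -1 = rejected by this sketch. */
int srv6_end_psp(uint8_t *pkt, size_t *len)
{
    if (*len < IP6_HLEN + 8 || pkt[6] != NH_ROUTING)
        return -1;
    uint8_t *srh = pkt + IP6_HLEN;
    size_t srh_len = ((size_t)srh[1] + 1) * 8;   /* Hdr Ext Len: 8-octet units */
    size_t plen = (size_t)pkt[4] << 8 | pkt[5];  /* IPv6 payload length */
    uint8_t sl = srh[3], last = srh[4];
    /* Validate first: SRH inside payload and buffer, SL indexing a SID that is present. */
    if (srh[2] != RT_SRH || srh_len > plen || IP6_HLEN + plen > *len)
        return -1;
    if (sl == 0 || sl > last || 8 + ((size_t)last + 1) * SID_LEN > srh_len)
        return -1;
    srh[3] = --sl;                                   /* i)  decrease SL */
    memcpy(pkt + 24, srh + 8 + (size_t)sl * SID_LEN, SID_LEN); /* ii) DA = SID[SL] */
    if (sl != 0)
        return 0;          /* non-penultimate node: PSP flavor is ignored */
    pkt[6] = srh[0];       /* iii) pop: IPv6 Next Header now skips the SRH */
    plen -= srh_len;
    pkt[4] = (uint8_t)(plen >> 8); pkt[5] = (uint8_t)plen;
    memmove(srh, srh + srh_len, *len - IP6_HLEN - srh_len);
    *len -= srh_len;
    return 1;
}

/* Constructed sample: SID List <X, Y, Z> = Segment List[2], [1], [0]; 4-byte payload. */
size_t make_sample(uint8_t *buf, uint8_t sl)
{
    memset(buf, 0, 100);
    buf[0] = 0x60; buf[5] = 60; buf[6] = NH_ROUTING;
    uint8_t *srh = buf + IP6_HLEN;
    srh[0] = 59; srh[1] = 6; srh[2] = RT_SRH; srh[3] = sl; srh[4] = 2;
    memset(srh + 8, 'Z', 16); memset(srh + 24, 'Y', 16); memset(srh + 40, 'X', 16);
    memcpy(buf + 24, srh + 8 + (size_t)sl * SID_LEN, SID_LEN);
    memcpy(buf + 96, "DATA", 4);
    return 100;
}

int main(void) {
    uint8_t b[128];
    size_t n = make_sample(b, 1);      /* packet as it arrives at SID Y */
    return srv6_end_psp(b, &n) != 1;
}
```

With SL=2 (the packet arriving at X) only SL and DA change; with SL=1 (arriving at Y) the 56-byte SRH is removed and the payload length shrinks from 60 to 4.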