lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230323060451.24280-1-vladimir@nikishkin.pw>
Date:   Thu, 23 Mar 2023 14:04:51 +0800
From:   Vladimir Nikishkin <vladimir@...ishkin.pw>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, eng.alaamohamedsoliman.am@...il.com,
        gnault@...hat.com, razor@...ckwall.org, idosch@...dia.com,
        liuhangbin@...il.com, eyal.birger@...il.com, jtoppins@...hat.com,
        Vladimir Nikishkin <vladimir@...ishkin.pw>
Subject: [PATCH iproute2-next v1 1/1 v1] ip-link: add support for nolocalbypass in vxlan

Add userspace support for the nolocalbypass vxlan netlink
attribute. With nolocalbypass, if an entry is pointing to the
local machine, but the system driver is not listening on this
port, the driver will not drop packets, but will forward them
to the userspace network stack instead.

This commit has a corresponding patch in the net-next list.

Signed-off-by: Vladimir Nikishkin <vladimir@...ishkin.pw>
---
 include/uapi/linux/if_link.h |  1 +
 ip/iplink_vxlan.c            | 18 ++++++++++++++++++
 man/man8/ip-link.8.in        |  8 ++++++++
 3 files changed, 27 insertions(+)

diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index d61bd32d..fd390b40 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -824,6 +824,7 @@ enum {
 	IFLA_VXLAN_TTL_INHERIT,
 	IFLA_VXLAN_DF,
 	IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */
+	IFLA_VXLAN_LOCALBYPASS,
 	__IFLA_VXLAN_MAX
 };
 #define IFLA_VXLAN_MAX	(__IFLA_VXLAN_MAX - 1)
diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index c7e0e1c4..17fa5cf7 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -276,6 +276,12 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
 		} else if (!matches(*argv, "noudpcsum")) {
 			check_duparg(&attrs, IFLA_VXLAN_UDP_CSUM, *argv, *argv);
 			addattr8(n, 1024, IFLA_VXLAN_UDP_CSUM, 0);
+		} else if (!matches(*argv, "localbypass")) {
+			check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS, *argv, *argv);
+			addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 1);
+		} else if (!matches(*argv, "nolocalbypass")) {
+			check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS, *argv, *argv);
+			addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
 		} else if (!matches(*argv, "udp6zerocsumtx")) {
 			check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
 				     *argv, *argv);
@@ -613,6 +619,18 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 		}
 	}
 
+	if (tb[IFLA_VXLAN_LOCALBYPASS]) {
+		__u8 localbypass = rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS]);
+
+		if (is_json_context()) {
+			print_bool(PRINT_ANY, "localbypass", NULL, localbypass);
+		} else {
+			if (!localbypass)
+				fputs("no", f);
+			fputs("localbypass ", f);
+		}
+	}
+
 	if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]) {
 		__u8 csum6 = rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]);
 
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index c8c65657..c78dc9dd 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -623,6 +623,8 @@ the following additional arguments are supported:
 ] [
 .RB [ no ] udpcsum
 ] [
+.RB [ no ] localbypass
+] [
 .RB [ no ] udp6zerocsumtx
 ] [
 .RB [ no ] udp6zerocsumrx
@@ -727,6 +729,12 @@ are entered into the VXLAN device forwarding database.
 .RB [ no ] udpcsum
 - specifies if UDP checksum is calculated for transmitted packets over IPv4.
 
+.sp
+.RB [ no ] localbypass
+- if fdb destination is local, but there is no corresponding vni, forward packets
+to the userspace network stack. Supposedly, there may be a userspace process
+listening for these packets.
+
 .sp
 .RB [ no ] udp6zerocsumtx
 - skip UDP checksum calculation for transmitted packets over IPv6.
-- 
2.35.7

--
Fastmail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ