| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230323060451.24280-1-vladimir@nikishkin.pw>
Date: Thu, 23 Mar 2023 14:04:51 +0800
From: Vladimir Nikishkin <vladimir@...ishkin.pw>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, eng.alaamohamedsoliman.am@...il.com,
gnault@...hat.com, razor@...ckwall.org, idosch@...dia.com,
liuhangbin@...il.com, eyal.birger@...il.com, jtoppins@...hat.com,
Vladimir Nikishkin <vladimir@...ishkin.pw>
Subject: [PATCH iproute2-next v1 1/1 v1] ip-link: add support for nolocalbypass in vxlan
Add userspace support for the nolocalbypass vxlan netlink
attribute. With nolocalbypass, if an entry is pointing to the
local machine, but the system driver is not listening on this
port, the driver will not drop packets, but will forward them
to the userspace network stack instead.
This commit has a corresponding patch in the net-next list.
Signed-off-by: Vladimir Nikishkin <vladimir@...ishkin.pw>
---
include/uapi/linux/if_link.h | 1 +
ip/iplink_vxlan.c | 18 ++++++++++++++++++
man/man8/ip-link.8.in | 8 ++++++++
3 files changed, 27 insertions(+)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index d61bd32d..fd390b40 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -824,6 +824,7 @@ enum {
IFLA_VXLAN_TTL_INHERIT,
IFLA_VXLAN_DF,
IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */
+ IFLA_VXLAN_LOCALBYPASS,
__IFLA_VXLAN_MAX
};
#define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1)
diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index c7e0e1c4..17fa5cf7 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -276,6 +276,12 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
} else if (!matches(*argv, "noudpcsum")) {
check_duparg(&attrs, IFLA_VXLAN_UDP_CSUM, *argv, *argv);
addattr8(n, 1024, IFLA_VXLAN_UDP_CSUM, 0);
+ } else if (!matches(*argv, "localbypass")) {
+ check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 1);
+ } else if (!matches(*argv, "nolocalbypass")) {
+ check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
} else if (!matches(*argv, "udp6zerocsumtx")) {
check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
*argv, *argv);
@@ -613,6 +619,18 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
}
}
+ if (tb[IFLA_VXLAN_LOCALBYPASS]) {
+ __u8 localbypass = rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS]);
+
+ if (is_json_context()) {
+ print_bool(PRINT_ANY, "localbypass", NULL, localbypass);
+ } else {
+ if (!localbypass)
+ fputs("no", f);
+ fputs("localbypass ", f);
+ }
+ }
+
if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]) {
__u8 csum6 = rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]);
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index c8c65657..c78dc9dd 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -623,6 +623,8 @@ the following additional arguments are supported:
] [
.RB [ no ] udpcsum
] [
+.RB [ no ] localbypass
+] [
.RB [ no ] udp6zerocsumtx
] [
.RB [ no ] udp6zerocsumrx
@@ -727,6 +729,12 @@ are entered into the VXLAN device forwarding database.
.RB [ no ] udpcsum
- specifies if UDP checksum is calculated for transmitted packets over IPv4.
+.sp
+.RB [ no ] localbypass
+- if fdb destination is local, but there is no corresponding vni, forward packets
+to the userspace network stack. Supposedly, there may be a userspace process
+listening for these packets.
+
.sp
.RB [ no ] udp6zerocsumtx
- skip UDP checksum calculation for transmitted packets over IPv6.
--
2.35.7
--
Fastmail.
Powered by blists - more mailing lists