Date:   Fri, 31 Mar 2023 18:49:03 +0200
From:   Davide Caratti <dcaratti@...hat.com>
To:     Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Ilya Maximets <i.maximets@....org>
Cc:     David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org,
        Pedro Tammela <pctammela@...atatu.com>
Subject: [PATCH iproute2-next] tc: m_tunnel_key: support code for "nofrag" tunnels

Add control-plane support for setting the TCA_TUNNEL_KEY_NO_FRAG flag on
act_tunnel_key actions.

Signed-off-by: Davide Caratti <dcaratti@...hat.com>
---
 include/uapi/linux/tc_act/tc_tunnel_key.h |  1 +
 man/man8/tc-tunnel_key.8                  |  3 ++
 tc/m_tunnel_key.c                         | 48 +++++++++++++++++------
 3 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/include/uapi/linux/tc_act/tc_tunnel_key.h b/include/uapi/linux/tc_act/tc_tunnel_key.h
index 49ad4033951b..37c6f612f161 100644
--- a/include/uapi/linux/tc_act/tc_tunnel_key.h
+++ b/include/uapi/linux/tc_act/tc_tunnel_key.h
@@ -34,6 +34,7 @@ enum {
 					 */
 	TCA_TUNNEL_KEY_ENC_TOS,		/* u8 */
 	TCA_TUNNEL_KEY_ENC_TTL,		/* u8 */
+	TCA_TUNNEL_KEY_NO_FRAG,		/* flag */
 	__TCA_TUNNEL_KEY_MAX,
 };
 
diff --git a/man/man8/tc-tunnel_key.8 b/man/man8/tc-tunnel_key.8
index f639f4333540..b987cd0d95a1 100644
--- a/man/man8/tc-tunnel_key.8
+++ b/man/man8/tc-tunnel_key.8
@@ -131,6 +131,9 @@ If using
 .B nocsum
 with IPv6, be sure you know what you are doing. Zero UDP checksums provide
 weaker protection against corrupted packets. See RFC6935 for details.
+.TP
+.B nofrag
+disallow IP fragmentation.
 .RE
 .SH EXAMPLES
 The following example encapsulates incoming ICMP packets on eth0 into a vxlan
diff --git a/tc/m_tunnel_key.c b/tc/m_tunnel_key.c
index 1b4c8bd640eb..b00fe1d73c08 100644
--- a/tc/m_tunnel_key.c
+++ b/tc/m_tunnel_key.c
@@ -26,7 +26,8 @@ static void explain(void)
 		"dst_ip <IP> (mandatory)\n"
 		"dst_port <UDP_PORT>\n"
 		"geneve_opts | vxlan_opts | erspan_opts <OPTIONS>\n"
-		"csum | nocsum (default is \"csum\")\n");
+		"csum | nocsum (default is \"csum\")\n"
+		"nofrag\n");
 }
 
 static void usage(void)
@@ -321,7 +322,7 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
 	int ret;
 	int has_src_ip = 0;
 	int has_dst_ip = 0;
-	int csum = 1;
+	int csum = 1, nofrag = 0;
 
 	if (matches(*argv, "tunnel_key") != 0)
 		return -1;
@@ -425,6 +426,8 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
 			csum = 1;
 		} else if (matches(*argv, "nocsum") == 0) {
 			csum = 0;
+		} else if (matches(*argv, "nofrag") == 0) {
+			nofrag = 1;
 		} else if (matches(*argv, "help") == 0) {
 			usage();
 		} else {
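Review bot: The new `nofrag` keyword is parsed with `matches()`, which accepts abbreviations, so `nof` selects it and a shorter prefix such as `no` is resolved only by the order of this else-if chain, where `nocsum` is tested first. An exact comparison keeps the keyword unambiguous if later options share the prefix: `} else if (strcmp(*argv, "nofrag") == 0) {`. The option loop of parse_tunnel_key starts and ends outside this hunk, so I cannot see whether the other keywords need to stay abbreviable for compatibility.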
@@ -435,6 +438,9 @@ static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
 
 	addattr8(n, MAX_MSG, TCA_TUNNEL_KEY_NO_CSUM, !csum);
 
+	if (nofrag)
+		addattr(n, MAX_MSG, TCA_TUNNEL_KEY_NO_FRAG);
+
 	parse_action_control_dflt(&argc, &argv, &parm.action,
 				  false, TC_ACT_PIPE);
 
@@ -513,15 +519,36 @@ static void tunnel_key_print_dst_port(FILE *f, char *name,
 		   rta_getattr_be16(attr));
 }
 
-static void tunnel_key_print_flag(FILE *f, const char *name_on,
-				  const char *name_off,
-				  struct rtattr *attr)
+static const struct {
+	const char *name;
+	unsigned int nl_flag;
+} tunnel_key_flag_names[] = {
+	{ "",	    TCA_TUNNEL_KEY_NO_CSUM }, /* special handling, not bool */
+	{ "nofrag", TCA_TUNNEL_KEY_NO_FRAG },
+};
+
+static void tunnel_key_print_flags(struct rtattr *tb[])
 {
-	if (!attr)
-		return;
+	unsigned int i, nl_flag;
+
 	print_nl();
-	print_string(PRINT_ANY, "flag", "\t%s",
-		     rta_getattr_u8(attr) ? name_on : name_off);
+	for (i = 0; i < ARRAY_SIZE(tunnel_key_flag_names); i++) {
+		nl_flag = tunnel_key_flag_names[i].nl_flag;
+		if (nl_flag == TCA_TUNNEL_KEY_NO_CSUM) {
+			/* special handling to preserve csum/nocsum design */
+			if (!tb[nl_flag])
+				continue;
+			print_string(PRINT_ANY, "flag", "\t%s",
+				     rta_getattr_u8(tb[nl_flag]) ?
+					"nocsum" : "csum" );
+		} else {
+			if (tb[nl_flag])
+				print_string(PRINT_FP, NULL, "\t%s",
+					     tunnel_key_flag_names[i].name);
+			print_bool(PRINT_JSON, tunnel_key_flag_names[i].name,
+				   NULL, !!tb[nl_flag]);
+		}
+	}
 }
 
 static void tunnel_key_print_geneve_options(struct rtattr *attr)
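Review bot: `print_nl()` in tunnel_key_print_flags() now runs unconditionally, whereas the removed tunnel_key_print_flag() returned before printing when the attribute was absent, so a dump that carries neither flag attribute gains an empty line in the plain-text output. Guarding it keeps the old layout: `if (tb[TCA_TUNNEL_KEY_NO_CSUM] || tb[TCA_TUNNEL_KEY_NO_FRAG]) print_nl();`. The JSON output is also inconsistent between the two flags: checksum state is a string under the key `flag`, while `nofrag` is a boolean under its own key and is emitted even when false. A short comment above `tunnel_key_flag_names[]` such as `/* entries other than NO_CSUM are netlink flag attributes: present means set */` would explain why the first entry has an empty name. There is also a stray space in `"nocsum" : "csum" );`.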
@@ -697,8 +724,7 @@ static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg)
 		tunnel_key_print_dst_port(f, "dst_port",
 					  tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);
 		tunnel_key_print_key_opt(tb[TCA_TUNNEL_KEY_ENC_OPTS]);
-		tunnel_key_print_flag(f, "nocsum", "csum",
-				      tb[TCA_TUNNEL_KEY_NO_CSUM]);
+		tunnel_key_print_flags(tb);
 		tunnel_key_print_tos_ttl(f, "tos",
 					  tb[TCA_TUNNEL_KEY_ENC_TOS]);
 		tunnel_key_print_tos_ttl(f, "ttl",
-- 
2.39.2
