| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 4 Jun 2023 22:00:51 +0800
From: Vladimir Nikishkin <vladimir@...ishkin.pw>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
eng.alaamohamedsoliman.am@...il.com,
gnault@...hat.com,
razor@...ckwall.org,
idosch@...dia.com,
liuhangbin@...il.com,
eyal.birger@...il.com,
jtoppins@...hat.com,
Vladimir Nikishkin <vladimir@...ishkin.pw>
Subject: [PATCH iproute2-next v7] ip-link: add support for nolocalbypass in vxlan
Add userspace support for the [no]localbypass vxlan netlink
attribute. With localbypass on (default), the vxlan driver processes
the packets destined to the local machine by itself, bypassing the
userspace nework stack. With nolocalbypass the packets are always
forwarded to the userspace network stack, so userspace programs,
such as tcpdump have a chance to process them.
Signed-off-by: Vladimir Nikishkin <vladimir@...ishkin.pw>
---
v6=>v7:
Use the new vxlan_opts data structure. Rely on the printing loop
in vxlan_print_opt when printing the value of [no] localbypass.
ip/iplink_vxlan.c | 10 ++++++++++
man/man8/ip-link.8.in | 10 ++++++++++
2 files changed, 20 insertions(+)
diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index 3053cdb8..70f38a86 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -36,6 +36,7 @@ static const struct vxlan_bool_opt {
{ "udp_zero_csum6_rx", IFLA_VXLAN_UDP_ZERO_CSUM6_RX, false },
{ "remcsum_tx", IFLA_VXLAN_REMCSUM_TX, false },
{ "remcsum_rx", IFLA_VXLAN_REMCSUM_RX, false },
+ { "localbypass", IFLA_VXLAN_LOCALBYPASS, true },
};
static void print_explain(FILE *f)
@@ -62,6 +63,7 @@ static void print_explain(FILE *f)
" [ [no]udp6zerocsumtx ]\n"
" [ [no]udp6zerocsumrx ]\n"
" [ [no]remcsumtx ] [ [no]remcsumrx ]\n"
+ " [ [no]localbypass ]\n"
" [ [no]external ] [ gbp ] [ gpe ]\n"
" [ [no]vnifilter ]\n"
"\n"
@@ -327,6 +329,14 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
check_duparg(&attrs, IFLA_VXLAN_REMCSUM_RX,
*argv, *argv);
addattr8(n, 1024, IFLA_VXLAN_REMCSUM_RX, 0);
+ } else if (strcmp(*argv, "localbypass") == 0) {
+ check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 1);
+ } else if (strcmp(*argv, "nolocalbypass") == 0) {
+ check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
} else if (!matches(*argv, "external")) {
check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
*argv, *argv);
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index bf3605a9..6a82ddc4 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -634,6 +634,8 @@ the following additional arguments are supported:
] [
.RB [ no ] udp6zerocsumrx
] [
+.RB [ no ] localbypass
+] [
.BI ageing " SECONDS "
] [
.BI maxaddress " NUMBER "
@@ -742,6 +744,14 @@ are entered into the VXLAN device forwarding database.
.RB [ no ] udp6zerocsumrx
- allow incoming UDP packets over IPv6 with zero checksum field.
+.sp
+.RB [ no ] localbypass
+- if FDB destination is local, with nolocalbypass set, forward encapsulated
+packets to the userspace network stack. If there is a userspace process
+listening for these packets, it will have a chance to process them. If
+localbypass is active (default), bypass the kernel network stack and
+inject the packets into the target VXLAN device, assuming one exists.
+
.sp
.BI ageing " SECONDS"
- specifies the lifetime in seconds of FDB entries learnt by the kernel.
--
2.35.8
--
Fastmail.
Powered by blists - more mailing lists