| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241216171201.274644-1-idosch@nvidia.com> Date: Mon, 16 Dec 2024 19:11:52 +0200 From: Ido Schimmel <idosch@...dia.com> To: <netdev@...r.kernel.org> CC: <davem@...emloft.net>, <kuba@...nel.org>, <pabeni@...hat.com>, <edumazet@...gle.com>, <dsahern@...nel.org>, <donald.hunter@...il.com>, <horms@...nel.org>, <gnault@...hat.com>, <rostedt@...dmis.org>, <mhiramat@...nel.org>, <mathieu.desnoyers@...icios.com>, <petrm@...dia.com>, Ido Schimmel <idosch@...dia.com> Subject: [PATCH net-next 0/9] net: fib_rules: Add flow label selector support In some deployments users would like to encode path information into certain bits of the IPv6 flow label, the UDP source port and the DSCP and use this information to route packets accordingly. Redirecting traffic to a routing table based on the flow label is not currently possible with Linux as FIB rules cannot match on it despite the flow label being available in the IPv6 flow key. This patchset extends FIB rules to match on the flow label with a mask. Future patches will add mask attributes to L4 ports and DSCP matches. Patches #1-#5 gradually extend FIB rules to match on the flow label. Patches #6-#7 allow user space to specify a flow label in route get requests. This is useful for both debugging and testing. Patch #8 adjusts the fib6_table_lookup tracepoint to print the flow label to the trace buffer for better observability. Patch #9 extends the FIB rule selftest with flow label test cases while utilizing the route get functionality from patch #6. Ido Schimmel (9): net: fib_rules: Add flow label selector attributes ipv4: fib_rules: Reject flow label attributes ipv6: fib_rules: Add flow label support net: fib_rules: Enable flow label selector usage netlink: specs: Add FIB rule flow label attributes ipv6: Add flow label to route get requests netlink: specs: Add route flow label attribute tracing: ipv6: Add flow label to fib6_table_lookup tracepoint selftests: fib_rule_tests: Add flow label selector match tests Documentation/netlink/specs/rt_route.yaml | 7 +++ Documentation/netlink/specs/rt_rule.yaml | 12 ++++ include/trace/events/fib6.h | 8 ++- include/uapi/linux/fib_rules.h | 2 + include/uapi/linux/rtnetlink.h | 1 + net/core/fib_rules.c | 2 + net/ipv4/fib_rules.c | 6 ++ net/ipv6/fib6_rules.c | 57 ++++++++++++++++++- net/ipv6/route.c | 20 ++++++- tools/testing/selftests/net/fib_rule_tests.sh | 31 ++++++++++ 10 files changed, 140 insertions(+), 6 deletions(-) -- 2.47.1
Powered by blists - more mailing lists