lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250217134109.311176-1-idosch@nvidia.com>
Date: Mon, 17 Feb 2025 15:41:01 +0200
From: Ido Schimmel <idosch@...dia.com>
To: <netdev@...r.kernel.org>
CC: <davem@...emloft.net>, <kuba@...nel.org>, <pabeni@...hat.com>,
	<edumazet@...gle.com>, <horms@...nel.org>, <donald.hunter@...il.com>,
	<dsahern@...nel.org>, <petrm@...dia.com>, <gnault@...hat.com>, Ido Schimmel
	<idosch@...dia.com>
Subject: [PATCH net-next 0/8] net: fib_rules: Add port mask support

In some deployments users would like to encode path information into
certain bits of the IPv6 flow label, the UDP source port and the DSCP
field and use this information to route packets accordingly.

Redirecting traffic to a routing table based on specific bits in the UDP
source port is not currently possible. Only exact match and range are
currently supported by FIB rules.

This patchset extends FIB rules to match on layer 4 ports with an
optional mask. The mask is not supported when matching on a range. A
future patchset will add support for matching on the DSCP field with an
optional mask.

Patches #1-#6 gradually extend FIB rules to match on layer 4 ports with
an optional mask.

Patches #7-#8 add test cases for FIB rule port matching.

iproute2 support can be found here [1].

[1] https://github.com/idosch/iproute2/tree/submit/fib_rule_mask_v1

Ido Schimmel (8):
  net: fib_rules: Add port mask attributes
  net: fib_rules: Add port mask support
  ipv4: fib_rules: Add port mask matching
  ipv6: fib_rules: Add port mask matching
  net: fib_rules: Enable port mask usage
  netlink: specs: Add FIB rule port mask attributes
  selftests: fib_rule_tests: Add port range match tests
  selftests: fib_rule_tests: Add port mask match tests

 Documentation/netlink/specs/rt_rule.yaml      | 10 +++
 include/net/fib_rules.h                       | 19 +++++
 include/uapi/linux/fib_rules.h                |  2 +
 net/core/fib_rules.c                          | 69 ++++++++++++++++++-
 net/ipv4/fib_rules.c                          |  8 +--
 net/ipv6/fib6_rules.c                         |  8 +--
 tools/testing/selftests/net/fib_rule_tests.sh | 36 ++++++++++
 7 files changed, 143 insertions(+), 9 deletions(-)

-- 
2.48.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ