Re: [ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
On Tue, Sep 28, 2021 at 7:51 AM Nicolas Dichtel wrote: > > Le 27/09/2021 à 21:12, Cpp Code a écrit : > > To use this code there is a part of code in the userspace. We want to > > keep compatibility when we only update userspace part code or only > > kernel part code. This means we should have same values for constants > > and we can only add new ones at the end of list. > All attributes after OVS_KEY_ATTR_CT_STATE (ie 7 attributes) were added before > OVS_KEY_ATTR_TUNNEL_INFO. > Why is it not possible anymore? > > > Regards, > Nicolas > > > > > Best, > > Tom > > > > On Wed, Sep 22, 2021 at 11:02 PM Nicolas Dichtel > > wrote: > >> > >> Le 20/09/2021 à 20:20, Toms Atteka a écrit : > >>> This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and > >>> packets can be filtered using ipv6_ext flag. > >>> > >>> Signed-off-by: Toms Atteka > >>> --- > >>> include/uapi/linux/openvswitch.h | 12 +++ > >>> net/openvswitch/flow.c | 140 +++ > >>> net/openvswitch/flow.h | 14 > >>> net/openvswitch/flow_netlink.c | 24 +- > >>> 4 files changed, 189 insertions(+), 1 deletion(-) > >>> > >>> diff --git a/include/uapi/linux/openvswitch.h > >>> b/include/uapi/linux/openvswitch.h > >>> index a87b44cd5590..dc6eb5f6399f 100644 > >>> --- a/include/uapi/linux/openvswitch.h > >>> +++ b/include/uapi/linux/openvswitch.h > >>> @@ -346,6 +346,13 @@ enum ovs_key_attr { > >>> #ifdef __KERNEL__ > >>> OVS_KEY_ATTR_TUNNEL_INFO, /* struct ip_tunnel_info */ > >>> #endif > >>> + > >>> +#ifndef __KERNEL__ > >>> + PADDING, /* Padding so kernel and non kernel field count would > >>> match */ > >>> +#endif > >>> + > >>> + OVS_KEY_ATTR_IPV6_EXTHDRS, /* struct ovs_key_ipv6_exthdr */ > >> Naive question, why not moving OVS_KEY_ATTR_IPV6_EXTHDRS above > >> OVS_KEY_ATTR_TUNNEL_INFO? > >> > >> > >> > >> Regards, > >> Nicolas These 3 commits does not support compatibility for scenarios when only kernel gets updated. I assume at that point this requirement wasn't required. Best, Tom ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
Le 27/09/2021 à 21:12, Cpp Code a écrit : > To use this code there is a part of code in the userspace. We want to > keep compatibility when we only update userspace part code or only > kernel part code. This means we should have same values for constants > and we can only add new ones at the end of list. All attributes after OVS_KEY_ATTR_CT_STATE (ie 7 attributes) were added before OVS_KEY_ATTR_TUNNEL_INFO. Why is it not possible anymore? Regards, Nicolas > > Best, > Tom > > On Wed, Sep 22, 2021 at 11:02 PM Nicolas Dichtel > wrote: >> >> Le 20/09/2021 à 20:20, Toms Atteka a écrit : >>> This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and >>> packets can be filtered using ipv6_ext flag. >>> >>> Signed-off-by: Toms Atteka >>> --- >>> include/uapi/linux/openvswitch.h | 12 +++ >>> net/openvswitch/flow.c | 140 +++ >>> net/openvswitch/flow.h | 14 >>> net/openvswitch/flow_netlink.c | 24 +- >>> 4 files changed, 189 insertions(+), 1 deletion(-) >>> >>> diff --git a/include/uapi/linux/openvswitch.h >>> b/include/uapi/linux/openvswitch.h >>> index a87b44cd5590..dc6eb5f6399f 100644 >>> --- a/include/uapi/linux/openvswitch.h >>> +++ b/include/uapi/linux/openvswitch.h >>> @@ -346,6 +346,13 @@ enum ovs_key_attr { >>> #ifdef __KERNEL__ >>> OVS_KEY_ATTR_TUNNEL_INFO, /* struct ip_tunnel_info */ >>> #endif >>> + >>> +#ifndef __KERNEL__ >>> + PADDING, /* Padding so kernel and non kernel field count would match >>> */ >>> +#endif >>> + >>> + OVS_KEY_ATTR_IPV6_EXTHDRS, /* struct ovs_key_ipv6_exthdr */ >> Naive question, why not moving OVS_KEY_ATTR_IPV6_EXTHDRS above >> OVS_KEY_ATTR_TUNNEL_INFO? >> >> >> >> Regards, >> Nicolas ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
To use this code there is a part of code in the userspace. We want to keep compatibility when we only update userspace part code or only kernel part code. This means we should have same values for constants and we can only add new ones at the end of list. Best, Tom On Wed, Sep 22, 2021 at 11:02 PM Nicolas Dichtel wrote: > > Le 20/09/2021 à 20:20, Toms Atteka a écrit : > > This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and > > packets can be filtered using ipv6_ext flag. > > > > Signed-off-by: Toms Atteka > > --- > > include/uapi/linux/openvswitch.h | 12 +++ > > net/openvswitch/flow.c | 140 +++ > > net/openvswitch/flow.h | 14 > > net/openvswitch/flow_netlink.c | 24 +- > > 4 files changed, 189 insertions(+), 1 deletion(-) > > > > diff --git a/include/uapi/linux/openvswitch.h > > b/include/uapi/linux/openvswitch.h > > index a87b44cd5590..dc6eb5f6399f 100644 > > --- a/include/uapi/linux/openvswitch.h > > +++ b/include/uapi/linux/openvswitch.h > > @@ -346,6 +346,13 @@ enum ovs_key_attr { > > #ifdef __KERNEL__ > > OVS_KEY_ATTR_TUNNEL_INFO, /* struct ip_tunnel_info */ > > #endif > > + > > +#ifndef __KERNEL__ > > + PADDING, /* Padding so kernel and non kernel field count would match > > */ > > +#endif > > + > > + OVS_KEY_ATTR_IPV6_EXTHDRS, /* struct ovs_key_ipv6_exthdr */ > Naive question, why not moving OVS_KEY_ATTR_IPV6_EXTHDRS above > OVS_KEY_ATTR_TUNNEL_INFO? > > > > Regards, > Nicolas ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
Le 20/09/2021 à 20:20, Toms Atteka a écrit : > This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and > packets can be filtered using ipv6_ext flag. > > Signed-off-by: Toms Atteka > --- > include/uapi/linux/openvswitch.h | 12 +++ > net/openvswitch/flow.c | 140 +++ > net/openvswitch/flow.h | 14 > net/openvswitch/flow_netlink.c | 24 +- > 4 files changed, 189 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/openvswitch.h > b/include/uapi/linux/openvswitch.h > index a87b44cd5590..dc6eb5f6399f 100644 > --- a/include/uapi/linux/openvswitch.h > +++ b/include/uapi/linux/openvswitch.h > @@ -346,6 +346,13 @@ enum ovs_key_attr { > #ifdef __KERNEL__ > OVS_KEY_ATTR_TUNNEL_INFO, /* struct ip_tunnel_info */ > #endif > + > +#ifndef __KERNEL__ > + PADDING, /* Padding so kernel and non kernel field count would match */ > +#endif > + > + OVS_KEY_ATTR_IPV6_EXTHDRS, /* struct ovs_key_ipv6_exthdr */ Naive question, why not moving OVS_KEY_ATTR_IPV6_EXTHDRS above OVS_KEY_ATTR_TUNNEL_INFO? Regards, Nicolas ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
On Mon, 20 Sep 2021 11:20:38 -0700 Toms Atteka wrote: > This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and > packets can be filtered using ipv6_ext flag. > > Signed-off-by: Toms Atteka Please make sure to check the files you touch with ./scripts/kernel-doc -none You're adding kdoc warnings by using the /** comments which are in fact not kdoc-formatted. Please fix and repost. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH net-next v5] net: openvswitch: IPv6: Add IPv6 extension header support
This change adds a new OpenFlow field OFPXMT_OFB_IPV6_EXTHDR and packets can be filtered using ipv6_ext flag. Signed-off-by: Toms Atteka --- include/uapi/linux/openvswitch.h | 12 +++ net/openvswitch/flow.c | 140 +++ net/openvswitch/flow.h | 14 net/openvswitch/flow_netlink.c | 24 +- 4 files changed, 189 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h index a87b44cd5590..dc6eb5f6399f 100644 --- a/include/uapi/linux/openvswitch.h +++ b/include/uapi/linux/openvswitch.h @@ -346,6 +346,13 @@ enum ovs_key_attr { #ifdef __KERNEL__ OVS_KEY_ATTR_TUNNEL_INFO, /* struct ip_tunnel_info */ #endif + +#ifndef __KERNEL__ + PADDING, /* Padding so kernel and non kernel field count would match */ +#endif + + OVS_KEY_ATTR_IPV6_EXTHDRS, /* struct ovs_key_ipv6_exthdr */ + __OVS_KEY_ATTR_MAX }; @@ -421,6 +428,11 @@ struct ovs_key_ipv6 { __u8 ipv6_frag; /* One of OVS_FRAG_TYPE_*. */ }; +/* separate structure to support backward compatibility with older user space */ +struct ovs_key_ipv6_exthdrs { + __u16 hdrs; +}; + struct ovs_key_tcp { __be16 tcp_src; __be16 tcp_dst; diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c index 9d375e74b607..6c78169867fe 100644 --- a/net/openvswitch/flow.c +++ b/net/openvswitch/flow.c @@ -239,6 +239,144 @@ static bool icmphdr_ok(struct sk_buff *skb) sizeof(struct icmphdr)); } +/** + * Parses packet and sets IPv6 extension header flags. + * + * @skb: buffer where extension header data starts in packet + * @nh: ipv6 header + * @ext_hdrs: flags are stored here + * + * OFPIEH12_UNREP is set if more than one of a given IPv6 extension header + * is unexpectedly encountered. (Two destination options headers may be + * expected and would not cause this bit to be set.) + * + * OFPIEH12_UNSEQ is set if IPv6 extension headers were not in the order + * preferred (but not required) by RFC 2460: + * + * When more than one extension header is used in the same packet, it is + * recommended that those headers appear in the following order: + * IPv6 header + * Hop-by-Hop Options header + * Destination Options header + * Routing header + * Fragment header + * Authentication header + * Encapsulating Security Payload header + * Destination Options header + * upper-layer header + */ +static void get_ipv6_ext_hdrs(struct sk_buff *skb, struct ipv6hdr *nh, + u16 *ext_hdrs) +{ + u8 next_type = nh->nexthdr; + unsigned int start = skb_network_offset(skb) + sizeof(struct ipv6hdr); + int dest_options_header_count = 0; + + *ext_hdrs = 0; + + while (ipv6_ext_hdr(next_type)) { + struct ipv6_opt_hdr _hdr, *hp; + + switch (next_type) { + case IPPROTO_NONE: + *ext_hdrs |= OFPIEH12_NONEXT; + /* stop parsing */ + return; + + case IPPROTO_ESP: + if (*ext_hdrs & OFPIEH12_ESP) + *ext_hdrs |= OFPIEH12_UNREP; + if ((*ext_hdrs & ~(OFPIEH12_HOP | OFPIEH12_DEST | + OFPIEH12_ROUTER | IPPROTO_FRAGMENT | + OFPIEH12_AUTH | OFPIEH12_UNREP)) || + dest_options_header_count >= 2) { + *ext_hdrs |= OFPIEH12_UNSEQ; + } + *ext_hdrs |= OFPIEH12_ESP; + break; + + case IPPROTO_AH: + if (*ext_hdrs & OFPIEH12_AUTH) + *ext_hdrs |= OFPIEH12_UNREP; + if ((*ext_hdrs & +~(OFPIEH12_HOP | OFPIEH12_DEST | OFPIEH12_ROUTER | + IPPROTO_FRAGMENT | OFPIEH12_UNREP)) || + dest_options_header_count >= 2) { + *ext_hdrs |= OFPIEH12_UNSEQ; + } + *ext_hdrs |= OFPIEH12_AUTH; + break; + + case IPPROTO_DSTOPTS: + if (dest_options_header_count == 0) { + if (*ext_hdrs & + ~(OFPIEH12_HOP | OFPIEH12_UNREP)) + *ext_hdrs |= OFPIEH12_UNSEQ; + *ext_hdrs |= OFPIEH12_DEST; + } else if (dest_options_header_count == 1) { + if (*ext_hdrs & + ~(OFPIEH12_HOP | OFPIEH12_DEST | + OFPIEH12_ROUTER | OFPIEH12_FRAG | + OFPIEH12_AUTH | OFPIEH12_ESP | +