Commit ed6dc4b8 authored by David S. Miller's avatar David S. Miller

Merge branch 'seg6-headend-reduced'

Andrea Mayer says:

====================
seg6: add support for SRv6 Headend Reduced

This patchset adds support for SRv6 Headend behavior with Reduced
Encapsulation. It introduces the H.Encaps.Red and H.L2Encaps.Red versions
of the SRv6 H.Encaps and H.L2Encaps behaviors, according to RFC 8986 [1].

In details, the patchset is made of:
 - patch 1/4: add support for SRv6 H.Encaps.Red behavior;
 - Patch 2/4: add support for SRv6 H.L2Encaps.Red behavior;
 - patch 2/4: add selftest for SRv6 H.Encaps.Red behavior;
 - patch 3/4: add selftest for SRv6 H.L2Encaps.Red behavior.

The corresponding iproute2 patch for supporting SRv6 H.Encaps.Red and
H.L2Encaps.Red behaviors is provided in a separated patchset.

[1] - https://datatracker.ietf.org/doc/html/rfc8986

V4 -> v5:
 - Fix skb checksum for SRH Reduced encapsulation/insertion;

 - Improve selftests by:
      i) adding a random suffix to network namespaces;
     ii) creating net devices directly into network namespaces;
    iii) using trap EXIT command to properly clean up selftest networks.

 Thanks to Paolo Abeni.

v3 -> v4:
 - Add selftests to the Makefile, thanks to Jakub Kicinski.

v2 -> v3:
 - Keep SRH when HMAC TLV is present;

 - Split the support for H.Encaps.Red and H.L2Encaps.Red behaviors in two
   patches (respectively, patch 1/4 and patch 2/4);

 - Add selftests for SRv6 H.Encaps.Red and H.L2Encaps.Red.

v1 -> v2:
 - Fixed sparse warnings;

 - memset now uses sizeof() instead of hardcoded value;

 - Removed EXPORT_SYMBOL_GPL.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 5b91884b 95baa4e8
...@@ -35,6 +35,8 @@ enum { ...@@ -35,6 +35,8 @@ enum {
SEG6_IPTUN_MODE_INLINE, SEG6_IPTUN_MODE_INLINE,
SEG6_IPTUN_MODE_ENCAP, SEG6_IPTUN_MODE_ENCAP,
SEG6_IPTUN_MODE_L2ENCAP, SEG6_IPTUN_MODE_L2ENCAP,
SEG6_IPTUN_MODE_ENCAP_RED,
SEG6_IPTUN_MODE_L2ENCAP_RED,
}; };
#endif #endif
...@@ -36,9 +36,11 @@ static size_t seg6_lwt_headroom(struct seg6_iptunnel_encap *tuninfo) ...@@ -36,9 +36,11 @@ static size_t seg6_lwt_headroom(struct seg6_iptunnel_encap *tuninfo)
case SEG6_IPTUN_MODE_INLINE: case SEG6_IPTUN_MODE_INLINE:
break; break;
case SEG6_IPTUN_MODE_ENCAP: case SEG6_IPTUN_MODE_ENCAP:
case SEG6_IPTUN_MODE_ENCAP_RED:
head = sizeof(struct ipv6hdr); head = sizeof(struct ipv6hdr);
break; break;
case SEG6_IPTUN_MODE_L2ENCAP: case SEG6_IPTUN_MODE_L2ENCAP:
case SEG6_IPTUN_MODE_L2ENCAP_RED:
return 0; return 0;
} }
...@@ -197,6 +199,124 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) ...@@ -197,6 +199,124 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto)
} }
EXPORT_SYMBOL_GPL(seg6_do_srh_encap); EXPORT_SYMBOL_GPL(seg6_do_srh_encap);
/* encapsulate an IPv6 packet within an outer IPv6 header with reduced SRH */
static int seg6_do_srh_encap_red(struct sk_buff *skb,
struct ipv6_sr_hdr *osrh, int proto)
{
__u8 first_seg = osrh->first_segment;
struct dst_entry *dst = skb_dst(skb);
struct net *net = dev_net(dst->dev);
struct ipv6hdr *hdr, *inner_hdr;
int hdrlen = ipv6_optlen(osrh);
int red_tlv_offset, tlv_offset;
struct ipv6_sr_hdr *isrh;
bool skip_srh = false;
__be32 flowlabel;
int tot_len, err;
int red_hdrlen;
int tlvs_len;
if (first_seg > 0) {
red_hdrlen = hdrlen - sizeof(struct in6_addr);
} else {
/* NOTE: if tag/flags and/or other TLVs are introduced in the
* seg6_iptunnel infrastructure, they should be considered when
* deciding to skip the SRH.
*/
skip_srh = !sr_has_hmac(osrh);
red_hdrlen = skip_srh ? 0 : hdrlen;
}
tot_len = red_hdrlen + sizeof(struct ipv6hdr);
err = skb_cow_head(skb, tot_len + skb->mac_len);
if (unlikely(err))
return err;
inner_hdr = ipv6_hdr(skb);
flowlabel = seg6_make_flowlabel(net, skb, inner_hdr);
skb_push(skb, tot_len);
skb_reset_network_header(skb);
skb_mac_header_rebuild(skb);
hdr = ipv6_hdr(skb);
/* based on seg6_do_srh_encap() */
if (skb->protocol == htons(ETH_P_IPV6)) {
ip6_flow_hdr(hdr, ip6_tclass(ip6_flowinfo(inner_hdr)),
flowlabel);
hdr->hop_limit = inner_hdr->hop_limit;
} else {
ip6_flow_hdr(hdr, 0, flowlabel);
hdr->hop_limit = ip6_dst_hoplimit(skb_dst(skb));
memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
IP6CB(skb)->iif = skb->skb_iif;
}
/* no matter if we have to skip the SRH or not, the first segment
* always comes in the pushed IPv6 header.
*/
hdr->daddr = osrh->segments[first_seg];
if (skip_srh) {
hdr->nexthdr = proto;
set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr);
goto out;
}
/* we cannot skip the SRH, slow path */
hdr->nexthdr = NEXTHDR_ROUTING;
isrh = (void *)hdr + sizeof(struct ipv6hdr);
if (unlikely(!first_seg)) {
/* this is a very rare case; we have only one SID but
* we cannot skip the SRH since we are carrying some
* other info.
*/
memcpy(isrh, osrh, hdrlen);
goto srcaddr;
}
tlv_offset = sizeof(*osrh) + (first_seg + 1) * sizeof(struct in6_addr);
red_tlv_offset = tlv_offset - sizeof(struct in6_addr);
memcpy(isrh, osrh, red_tlv_offset);
tlvs_len = hdrlen - tlv_offset;
if (unlikely(tlvs_len > 0)) {
const void *s = (const void *)osrh + tlv_offset;
void *d = (void *)isrh + red_tlv_offset;
memcpy(d, s, tlvs_len);
}
--isrh->first_segment;
isrh->hdrlen -= 2;
srcaddr:
isrh->nexthdr = proto;
set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr);
#ifdef CONFIG_IPV6_SEG6_HMAC
if (unlikely(!skip_srh && sr_has_hmac(isrh))) {
err = seg6_push_hmac(net, &hdr->saddr, isrh);
if (unlikely(err))
return err;
}
#endif
out:
hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
skb_postpush_rcsum(skb, hdr, tot_len);
return 0;
}
/* insert an SRH within an IPv6 packet, just after the IPv6 header */ /* insert an SRH within an IPv6 packet, just after the IPv6 header */
int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh) int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh)
{ {
...@@ -269,6 +389,7 @@ static int seg6_do_srh(struct sk_buff *skb) ...@@ -269,6 +389,7 @@ static int seg6_do_srh(struct sk_buff *skb)
return err; return err;
break; break;
case SEG6_IPTUN_MODE_ENCAP: case SEG6_IPTUN_MODE_ENCAP:
case SEG6_IPTUN_MODE_ENCAP_RED:
err = iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6); err = iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6);
if (err) if (err)
return err; return err;
...@@ -280,7 +401,11 @@ static int seg6_do_srh(struct sk_buff *skb) ...@@ -280,7 +401,11 @@ static int seg6_do_srh(struct sk_buff *skb)
else else
return -EINVAL; return -EINVAL;
if (tinfo->mode == SEG6_IPTUN_MODE_ENCAP)
err = seg6_do_srh_encap(skb, tinfo->srh, proto); err = seg6_do_srh_encap(skb, tinfo->srh, proto);
else
err = seg6_do_srh_encap_red(skb, tinfo->srh, proto);
if (err) if (err)
return err; return err;
...@@ -289,6 +414,7 @@ static int seg6_do_srh(struct sk_buff *skb) ...@@ -289,6 +414,7 @@ static int seg6_do_srh(struct sk_buff *skb)
skb->protocol = htons(ETH_P_IPV6); skb->protocol = htons(ETH_P_IPV6);
break; break;
case SEG6_IPTUN_MODE_L2ENCAP: case SEG6_IPTUN_MODE_L2ENCAP:
case SEG6_IPTUN_MODE_L2ENCAP_RED:
if (!skb_mac_header_was_set(skb)) if (!skb_mac_header_was_set(skb))
return -EINVAL; return -EINVAL;
...@@ -298,7 +424,13 @@ static int seg6_do_srh(struct sk_buff *skb) ...@@ -298,7 +424,13 @@ static int seg6_do_srh(struct sk_buff *skb)
skb_mac_header_rebuild(skb); skb_mac_header_rebuild(skb);
skb_push(skb, skb->mac_len); skb_push(skb, skb->mac_len);
err = seg6_do_srh_encap(skb, tinfo->srh, IPPROTO_ETHERNET); if (tinfo->mode == SEG6_IPTUN_MODE_L2ENCAP)
err = seg6_do_srh_encap(skb, tinfo->srh,
IPPROTO_ETHERNET);
else
err = seg6_do_srh_encap_red(skb, tinfo->srh,
IPPROTO_ETHERNET);
if (err) if (err)
return err; return err;
...@@ -517,6 +649,10 @@ static int seg6_build_state(struct net *net, struct nlattr *nla, ...@@ -517,6 +649,10 @@ static int seg6_build_state(struct net *net, struct nlattr *nla,
break; break;
case SEG6_IPTUN_MODE_L2ENCAP: case SEG6_IPTUN_MODE_L2ENCAP:
break; break;
case SEG6_IPTUN_MODE_ENCAP_RED:
break;
case SEG6_IPTUN_MODE_L2ENCAP_RED:
break;
default: default:
return -EINVAL; return -EINVAL;
} }
......
...@@ -35,6 +35,8 @@ TEST_PROGS += cmsg_time.sh cmsg_ipv6.sh ...@@ -35,6 +35,8 @@ TEST_PROGS += cmsg_time.sh cmsg_ipv6.sh
TEST_PROGS += srv6_end_dt46_l3vpn_test.sh TEST_PROGS += srv6_end_dt46_l3vpn_test.sh
TEST_PROGS += srv6_end_dt4_l3vpn_test.sh TEST_PROGS += srv6_end_dt4_l3vpn_test.sh
TEST_PROGS += srv6_end_dt6_l3vpn_test.sh TEST_PROGS += srv6_end_dt6_l3vpn_test.sh
TEST_PROGS += srv6_hencap_red_l3vpn_test.sh
TEST_PROGS += srv6_hl2encap_red_l2vpn_test.sh
TEST_PROGS += vrf_strict_mode_test.sh TEST_PROGS += vrf_strict_mode_test.sh
TEST_PROGS += arp_ndisc_evict_nocarrier.sh TEST_PROGS += arp_ndisc_evict_nocarrier.sh
TEST_PROGS += ndisc_unsolicited_na_test.sh TEST_PROGS += ndisc_unsolicited_na_test.sh
......
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment