1. 25 7月, 2018 1 次提交
  2. 19 7月, 2018 1 次提交
    • A
      ipv6: ila: select CONFIG_DST_CACHE · 83ed7d1f
      Arnd Bergmann 提交于
      My randconfig builds came across an old missing dependency for ILA:
      
      ERROR: "dst_cache_set_ip6" [net/ipv6/ila/ila.ko] undefined!
      ERROR: "dst_cache_get" [net/ipv6/ila/ila.ko] undefined!
      ERROR: "dst_cache_init" [net/ipv6/ila/ila.ko] undefined!
      ERROR: "dst_cache_destroy" [net/ipv6/ila/ila.ko] undefined!
      
      We almost never run into this by accident because randconfig builds
      end up selecting DST_CACHE from some other tunnel protocol, and this
      one appears to be the only one missing the explicit 'select'.
      
      >From all I can tell, this problem first appeared in linux-4.9
      when dst_cache support got added to ILA.
      
      Fixes: 79ff2fc3 ("ila: Cache a route to translated address")
      Cc: Tom Herbert <tom@herbertland.com>
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      83ed7d1f
  3. 24 5月, 2018 1 次提交
    • M
      bpf: Add IPv6 Segment Routing helpers · fe94cc29
      Mathieu Xhonneux 提交于
      The BPF seg6local hook should be powerful enough to enable users to
      implement most of the use-cases one could think of. After some thinking,
      we figured out that the following actions should be possible on a SRv6
      packet, requiring 3 specific helpers :
          - bpf_lwt_seg6_store_bytes: Modify non-sensitive fields of the SRH
          - bpf_lwt_seg6_adjust_srh: Allow to grow or shrink a SRH
                                     (to add/delete TLVs)
          - bpf_lwt_seg6_action: Apply some SRv6 network programming actions
                                 (specifically End.X, End.T, End.B6 and
                                  End.B6.Encap)
      
      The specifications of these helpers are provided in the patch (see
      include/uapi/linux/bpf.h).
      
      The non-sensitive fields of the SRH are the following : flags, tag and
      TLVs. The other fields can not be modified, to maintain the SRH
      integrity. Flags, tag and TLVs can easily be modified as their validity
      can be checked afterwards via seg6_validate_srh. It is not allowed to
      modify the segments directly. If one wants to add segments on the path,
      he should stack a new SRH using the End.B6 action via
      bpf_lwt_seg6_action.
      
      Growing, shrinking or editing TLVs via the helpers will flag the SRH as
      invalid, and it will have to be re-validated before re-entering the IPv6
      layer. This flag is stored in a per-CPU buffer, along with the current
      header length in bytes.
      
      Storing the SRH len in bytes in the control block is mandatory when using
      bpf_lwt_seg6_adjust_srh. The Header Ext. Length field contains the SRH
      len rounded to 8 bytes (a padding TLV can be inserted to ensure the 8-bytes
      boundary). When adding/deleting TLVs within the BPF program, the SRH may
      temporary be in an invalid state where its length cannot be rounded to 8
      bytes without remainder, hence the need to store the length in bytes
      separately. The caller of the BPF program can then ensure that the SRH's
      final length is valid using this value. Again, a final SRH modified by a
      BPF program which doesn’t respect the 8-bytes boundary will be discarded
      as it will be considered as invalid.
      
      Finally, a fourth helper is provided, bpf_lwt_push_encap, which is
      available from the LWT BPF IN hook, but not from the seg6local BPF one.
      This helper allows to encapsulate a Segment Routing Header (either with
      a new outer IPv6 header, or by inlining it directly in the existing IPv6
      header) into a non-SRv6 packet. This helper is required if we want to
      offer the possibility to dynamically encapsulate a SRH for non-SRv6 packet,
      as the BPF seg6local hook only works on traffic already containing a SRH.
      This is the BPF equivalent of the seg6 LWT infrastructure, which achieves
      the same purpose but with a static SRH per route.
      
      These helpers require CONFIG_IPV6=y (and not =m).
      Signed-off-by: NMathieu Xhonneux <m.xhonneux@gmail.com>
      Acked-by: NDavid Lebrun <dlebrun@google.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      fe94cc29
  4. 08 5月, 2018 1 次提交
  5. 02 3月, 2018 1 次提交
  6. 26 8月, 2017 1 次提交
    • D
      ipv6: sr: add helper functions for seg6local · d7a669dd
      David Lebrun 提交于
      This patch adds three helper functions to be used with the seg6local packet
      processing actions.
      
      The decap_and_validate() function will be used by the End.D* actions, that
      decapsulate an SR-enabled packet.
      
      The advance_nextseg() function applies the fundamental operations to update
      an SRH for the next segment.
      
      The lookup_nexthop() function helps select the next-hop for the processed
      SR packets. It supports an optional next-hop address to route the packet
      specifically through it, and an optional routing table to use.
      Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d7a669dd
  7. 08 8月, 2017 2 次提交
    • D
      ipv6: sr: define core operations for seg6local lightweight tunnel · d1df6fd8
      David Lebrun 提交于
      This patch implements a new type of lightweight tunnel named seg6local.
      A seg6local lwt is defined by a type of action and a set of parameters.
      The action represents the operation to perform on the packets matching the
      lwt's route, and is not necessarily an encapsulation. The set of parameters
      are arguments for the processing function.
      
      Each action is defined in a struct seg6_action_desc within
      seg6_action_table[]. This structure contains the action, mandatory
      attributes, the processing function, and a static headroom size required by
      the action. The mandatory attributes are encoded as a bitmask field. The
      static headroom is set to a non-zero value when the processing function
      always add a constant number of bytes to the skb (e.g. the header size for
      encapsulations).
      
      To facilitate rtnetlink-related operations such as parsing, fill_encap,
      and cmp_encap, each type of action parameter is associated to three
      function pointers, in seg6_action_params[].
      
      All actions defined in seg6_local.h are detailed in [1].
      
      [1] https://tools.ietf.org/html/draft-filsfils-spring-srv6-network-programming-01Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d1df6fd8
    • D
      ipv6: sr: export SRH insertion functions · b04c80d3
      David Lebrun 提交于
      This patch exports the seg6_do_srh_encap() and seg6_do_srh_inline()
      functions. It also removes the CONFIG_IPV6_SEG6_INLINE knob
      that enabled the compilation of seg6_do_srh_inline(). This function
      is now built-in.
      Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b04c80d3
  8. 28 3月, 2017 1 次提交
  9. 15 2月, 2017 1 次提交
    • S
      esp: Add a software GRO codepath · 7785bba2
      Steffen Klassert 提交于
      This patch adds GRO ifrastructure and callbacks for ESP on
      ipv4 and ipv6.
      
      In case the GRO layer detects an ESP packet, the
      esp{4,6}_gro_receive() function does a xfrm state lookup
      and calls the xfrm input layer if it finds a matching state.
      The packet will be decapsulated and reinjected it into layer 2.
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      7785bba2
  10. 09 2月, 2017 1 次提交
  11. 17 11月, 2016 1 次提交
    • D
      ipv6: sr: add option to control lwtunnel support · 46738b13
      David Lebrun 提交于
      This patch adds a new option CONFIG_IPV6_SEG6_LWTUNNEL to enable/disable
      support of encapsulation with the lightweight tunnels. When this option
      is enabled, CONFIG_LWTUNNEL is automatically selected.
      
      Fix commit 6c8702c6 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels")
      
      Without a proper option to control lwtunnel support for SR-IPv6, if
      CONFIG_LWTUNNEL=n then the IPv6 initialization fails as a consequence
      of seg6_iptunnel_init() failure with EOPNOTSUPP:
      
      NET: Registered protocol family 10
      IPv6: Attempt to unregister permanent protocol 6
      IPv6: Attempt to unregister permanent protocol 136
      IPv6: Attempt to unregister permanent protocol 17
      NET: Unregistered protocol family 10
      
      Tested (compiling, booting, and loading ipv6 module when relevant)
      with possible combinations of CONFIG_IPV6={y,m,n},
      CONFIG_IPV6_SEG6_LWTUNNEL={y,n} and CONFIG_LWTUNNEL={y,n}.
      Reported-by: NLorenzo Colitti <lorenzo@google.com>
      Suggested-by: NRoopa Prabhu <roopa@cumulusnetworks.com>
      Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      46738b13
  12. 10 11月, 2016 2 次提交
    • D
      ipv6: sr: add core files for SR HMAC support · bf355b8d
      David Lebrun 提交于
      This patch adds the necessary functions to compute and check the HMAC signature
      of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and
      hmac(sha256).
      
      In order to avoid dynamic memory allocation for each HMAC computation,
      a per-cpu ring buffer is allocated for this purpose.
      
      A new per-interface sysctl called seg6_require_hmac is added, allowing a
      user-defined policy for processing HMAC-signed SR-enabled packets.
      A value of -1 means that the HMAC field will always be ignored.
      A value of 0 means that if an HMAC field is present, its validity will
      be enforced (the packet is dropped is the signature is incorrect).
      Finally, a value of 1 means that any SR-enabled packet that does not
      contain an HMAC signature or whose signature is incorrect will be dropped.
      Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bf355b8d
    • D
      ipv6: sr: add support for SRH encapsulation and injection with lwtunnels · 6c8702c6
      David Lebrun 提交于
      This patch creates a new type of interfaceless lightweight tunnel (SEG6),
      enabling the encapsulation and injection of SRH within locally emitted
      packets and forwarded packets.
      
      >From a configuration viewpoint, a seg6 tunnel would be configured as follows:
      
        ip -6 ro ad fc00::1/128 encap seg6 mode encap segs fc42::1,fc42::2,fc42::3 dev eth0
      
      Any packet whose destination address is fc00::1 would thus be encapsulated
      within an outer IPv6 header containing the SRH with three segments, and would
      actually be routed to the first segment of the list. If `mode inline' was
      specified instead of `mode encap', then the SRH would be directly inserted
      after the IPv6 header without outer encapsulation.
      
      The inline mode is only available if CONFIG_IPV6_SEG6_INLINE is enabled. This
      feature was made configurable because direct header insertion may break
      several mechanisms such as PMTUD or IPSec AH.
      Signed-off-by: NDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6c8702c6
  13. 01 6月, 2016 1 次提交
    • A
      fou: fix IPv6 Kconfig options · 95e4daa8
      Arnd Bergmann 提交于
      The Kconfig options I added to work around broken compilation ended
      up screwing up things more, as I used the wrong symbol to control
      compilation of the file, resulting in IPv6 fou support to never be built
      into the kernel.
      
      Changing CONFIG_NET_FOU_IPV6_TUNNELS to CONFIG_IPV6_FOU fixes that
      problem, I had renamed the symbol in one location but not the other,
      and as the file is never being used by other kernel code, this did not
      lead to a build failure that I would have caught.
      
      After that fix, another issue with the same patch becomes obvious, as we
      'select INET6_TUNNEL', which is related to IPV6_TUNNEL, but not the same,
      and this can still cause the original build failure when IPV6_TUNNEL is
      not built-in but IPV6_FOU is. The fix is equally trivial, we just need
      to select the right symbol.
      
      I have successfully build 350 randconfig kernels with this patch
      and verified that the driver is now being built.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Reported-by: NValentin Rothberg <valentinrothberg@gmail.com>
      Fixes: fabb13db ("fou: add Kconfig options for IPv6 support")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      95e4daa8
  14. 30 5月, 2016 1 次提交
    • A
      fou: add Kconfig options for IPv6 support · fabb13db
      Arnd Bergmann 提交于
      A previous patch added the fou6.ko module, but that failed to link
      in a couple of configurations:
      
      net/built-in.o: In function `ip6_tnl_encap_add_fou_ops':
      net/ipv6/fou6.c:88: undefined reference to `ip6_tnl_encap_add_ops'
      net/ipv6/fou6.c:94: undefined reference to `ip6_tnl_encap_add_ops'
      net/ipv6/fou6.c:97: undefined reference to `ip6_tnl_encap_del_ops'
      net/built-in.o: In function `ip6_tnl_encap_del_fou_ops':
      net/ipv6/fou6.c:106: undefined reference to `ip6_tnl_encap_del_ops'
      net/ipv6/fou6.c:107: undefined reference to `ip6_tnl_encap_del_ops'
      
      If CONFIG_IPV6=m, ip6_tnl_encap_add_ops/ip6_tnl_encap_del_ops
      are in a module, but fou6.c can still be built-in, and that
      obviously fails to link.
      
      Also, if CONFIG_IPV6=y, but CONFIG_IPV6_TUNNEL=m or
      CONFIG_IPV6_TUNNEL=n, the same problem happens for a different
      reason.
      
      This adds two new silent Kconfig symbols to work around both
      problems:
      
      - CONFIG_IPV6_FOU is now always set to 'm' if either CONFIG_NET_FOU=m
        or CONFIG_IPV6=m
      - CONFIG_IPV6_FOU_TUNNEL is set implicitly when IPV6_FOU is enabled
        and NET_FOU_IP_TUNNELS is also turned out, and it will ensure
        that CONFIG_IPV6_TUNNEL is also available.
      
      The options could be made user-visible as well, to give additional
      room for configuration, but it seems easier not to bother users
      with more choice here.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: aa3463d6 ("fou: Add encap ops for IPv6 tunnels")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fabb13db
  15. 05 5月, 2016 1 次提交
  16. 17 2月, 2016 1 次提交
  17. 26 1月, 2016 1 次提交
  18. 19 12月, 2015 1 次提交
    • A
      ila: add NETFILTER dependency · 8cb964da
      Arnd Bergmann 提交于
      The recently added generic ILA translation facility fails to
      build when CONFIG_NETFILTER is disabled:
      
      net/ipv6/ila/ila_xlat.c:229:20: warning: 'struct nf_hook_state' declared inside parameter list
      net/ipv6/ila/ila_xlat.c:235:27: error: array type has incomplete element type 'struct nf_hook_ops'
       static struct nf_hook_ops ila_nf_hook_ops[] __read_mostly = {
      
      This adds an explicit Kconfig dependency to avoid that case.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: 7f00feaf ("ila: Add generic ILA translation facility")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8cb964da
  19. 18 8月, 2015 1 次提交
    • T
      net: Identifier Locator Addressing module · 65d7ab8d
      Tom Herbert 提交于
      Adding new module name ila. This implements ILA translation. Light
      weight tunnel redirection is used to perform the translation in
      the data path. This is configured by the "ip -6 route" command
      using the "encap ila <locator>" option, where <locator> is the
      value to set in destination locator of the packet. e.g.
      
      ip -6 route add 3333:0:0:1:5555:0:1:0/128 \
            encap ila 2001:0:0:1 via 2401:db00:20:911a:face:0:25:0
      
      Sets a route where 3333:0:0:1 will be overwritten by
      2001:0:0:1 on output.
      Signed-off-by: NTom Herbert <tom@herbertland.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      65d7ab8d
  20. 14 7月, 2015 1 次提交
    • T
      net: Build IPv6 into kernel by default · de551f2e
      Tom Herbert 提交于
      This patch makes the default to build IPv6 into the kernel. IPv6
      now has significant traction and any remaining vestiges of IPv6
      not being provided parity with IPv4 should be swept away. IPv6 is now
      core to the Internet and kernel.
      
      Points on IPv6 adoption:
      
      - Per Google statistics, IPv6 usage has reached 7% on the Internet
        and continues to exhibit an exponential growth rate
        https://www.google.com/intl/en/ipv6/statistics.html
      - Just a few days ago ARIN officially depleted its IPv4 pool
      - IPv6 only data centers are being successfully built
        (e.g. at Facebook)
      
      This patch changes the IPv6 Kconfig for IPV6. Default for CONFIG_IPV6
      is set to "y" and the text has been updated to reflect the maturity of
      IPv6.
      
      Impact:
      
      Under some circumstances building modules in to kernel might have a
      performance advantage. In my testing, I did notice a very slight
      improvement.
      
      This will obviously increase the size of the kernel image. In my
      configuration I see:
      
      IPv6 as module:
      
         text    data     bss     dec     hex filename
      9703666 1899288  933888 12536842         bf4c0a vmlinux
      
      IPv6 built into kernel
      
        text     data     bss     dec     hex filename
      9436490 1879600  913408 12229498         ba9b7a vmlinux
      
      Which increases text size by ~270K (2.8% increase in size for me). If
      image size is an issue, presumably for a device which does not do IP
      networking (IMO we should be discouraging IPv4-only devices), IPV6 can
      be disabled or still built as a module.
      Acked-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: NTom Herbert <tom@herbertland.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      de551f2e
  21. 20 2月, 2014 1 次提交
  22. 29 10月, 2013 1 次提交
  23. 10 10月, 2013 1 次提交
  24. 27 3月, 2013 1 次提交
  25. 22 2月, 2013 1 次提交
  26. 12 1月, 2013 1 次提交
    • K
      net/ipv6: remove depends on CONFIG_EXPERIMENTAL · f9ceb16e
      Kees Cook 提交于
      The CONFIG_EXPERIMENTAL config item has not carried much meaning for a
      while now and is almost always enabled by default. As agreed during the
      Linux kernel summit, remove it from any "depends on" lines in Kconfigs.
      
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
      CC: James Morris <jmorris@namei.org>
      CC: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
      CC: Patrick McHardy <kaber@trash.net>
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      f9ceb16e
  27. 15 8月, 2012 1 次提交
  28. 16 5月, 2012 1 次提交
  29. 11 5月, 2010 1 次提交
    • P
      ipv6: ip6mr: support multiple tables · d1db275d
      Patrick McHardy 提交于
      This patch adds support for multiple independant multicast routing instances,
      named "tables".
      
      Userspace multicast routing daemons can bind to a specific table instance by
      issuing a setsockopt call using a new option MRT6_TABLE. The table number is
      stored in the raw socket data and affects all following ip6mr setsockopt(),
      getsockopt() and ioctl() calls. By default, a single table (RT6_TABLE_DFLT)
      is created with a default routing rule pointing to it. Newly created pim6reg
      devices have the table number appended ("pim6regX"), with the exception of
      devices created in the default table, which are named just "pim6reg" for
      compatibility reasons.
      
      Packets are directed to a specific table instance using routing rules,
      similar to how regular routing rules work. Currently iif, oif and mark
      are supported as keys, source and destination addresses could be supported
      additionally.
      
      Example usage:
      
      - bind pimd/xorp/... to a specific table:
      
      uint32_t table = 123;
      setsockopt(fd, SOL_IPV6, MRT6_TABLE, &table, sizeof(table));
      
      - create routing rules directing packets to the new table:
      
      # ip -6 mrule add iif eth0 lookup 123
      # ip -6 mrule add oif eth0 lookup 123
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      d1db275d
  30. 08 10月, 2009 1 次提交
  31. 07 10月, 2009 1 次提交
    • Y
      ipv6 sit: 6rd (IPv6 Rapid Deployment) Support. · fa857afc
      YOSHIFUJI Hideaki / 吉藤英明 提交于
      IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
      mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
      deploy IPv6 unicast service to IPv4 sites to which it provides
      customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
      IPv4 encapsulation in order to transit IPv4-only network
      infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
      prefix of its own in place of the fixed 6to4 prefix.
      
      With this option enabled, the SIT driver offers 6rd functionality by
      providing additional ioctl API to configure the IPv6 Prefix for in
      stead of static 2002::/16 for 6to4.
      
      Original patch was done by Alexandre Cassen <acassen@freebox.fr>
      based on old Internet-Draft.
      Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fa857afc
  32. 13 6月, 2009 1 次提交
  33. 30 3月, 2009 1 次提交
  34. 25 7月, 2008 1 次提交
  35. 28 4月, 2008 1 次提交
  36. 25 4月, 2008 1 次提交
  37. 14 4月, 2008 1 次提交
  38. 05 4月, 2008 1 次提交