Signed-off-by: Mathieu Xhonneux
---
tools/testing/selftests/bpf/test_lwt_seg6local.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_lwt_seg6local.sh
b/tools/testing/selftests/bpf/test_lwt_seg6local.sh
index 270fa8f49573..785eabf2a593
.
v3: s/1/true, s/0/false for boolean values
v2: - changed true/false -> 1/0
- preempt_enable no longer called in first conditional block
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6_local.h | 4 ++-
net/core/filter.c| 89
2018-07-25 23:13 GMT+02:00 Martin KaFai Lau :
>> v2: - changed true/false -> 1/0
> hmmm...I thought I was asking to replace 1/0 with true/false. More
> below.
Silly me, I read your indication backwards. Agreed.
@Daniel: sorry for this one, sending a v3.
.
v2: - changed true/false -> 1/0
- preempt_enable no longer called in first conditional block
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6_local.h | 4 ++-
net/core/filter.c| 83 +---
net/ipv6/seg6_local.c|
Indeed, I missed this one. Thanks, sending a v2.
2018-07-25 5:40 GMT+00:00 Daniel Borkmann :
> On 07/24/2018 07:14 PM, Martin KaFai Lau wrote:
>> On Tue, Jul 24, 2018 at 04:59:54PM +, Mathieu Xhonneux wrote:
>>> The seg6local LWT provides the End.DT6 action, which allows to
.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6_local.h | 4 ++-
net/core/filter.c| 83 +---
net/ipv6/seg6_local.c| 42 +++-
3 files changed, 87 insertions(+), 42 deletions(-)
diff --git a/include/net
::18 encap seg6local action End.BPF endpoint my_bpf.o:[my_func]
dev eth0 metric 1024 pref medium
v2: - re-use of print_encap_bpf_prog instead of fprintf
- introduction of "endpoint" keyword for more consistency with
others parameters
Signed-off-by: Mathieu Xhonneu
This patch corresponds to a new feature that is now available in the
net tree. I hence assumed that this patch had to be sent to iproute2
and not iproute2-next, please tell me if this is not OK, I'll then
send a v2 towards iproute2-next.
Thanks.
2018-07-16 14:47 GMT+00:00 Mathieu Xho
encap seg6local action End.BPF my_bpf.o:[my_func] dev eth0
metric 1024 pref medium
Signed-off-by: Mathieu Xhonneux
---
ip/iproute_lwtunnel.c | 122 +-
lib/bpf.c | 5 +++
2 files changed, 77 insertions(+), 50 deletions(-)
diff --git a/ip
: Mathieu Xhonneux
---
net/core/filter.c | 22 --
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index b9ec916f4e3a..c910a95e9a7c 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4439,10 +4439,10 @@ static const
2018-05-30 13:00 GMT+02:00 Daniel Borkmann :
>> Instead of doing this inside the helper you can reject the program already
>> in the lwt_*_func_proto() by returning NULL when !CONFIG_IPV6_SEG6_BPF. That
>> way programs get rejected at verification time instead of runtime, so the
>> user can probe a
#x27; file not found
^~~~
1 error generated.
make: Leaving directory
`/data/users/yhs/work/net-next/tools/testing/selftests/bpf'
v2: moving the headers to tools/include/uapi/.
Reported-by: Y Song
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/seg6.h | 55 ++
2018-05-25 18:39 GMT+02:00 Daniel Borkmann :
> Yes, should definitely go there to tools include infrastructure.
What is the point of tools/testing/selftests/bpf/include/uapi/ then ?
Incompatibility issues preventing linux/types.h to be included in
non-bpf testing executables ? My initial conceptio
h lwtunnels")
Signed-off-by: David Lebrun
Signed-off-by: Mathieu Xhonneux
---
net/ipv6/seg6_iptunnel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c
index 5fe139484919..bf4763fd68c2 100644
--- a/net/ipv6/seg6_iptunnel.
#x27; file not found
^~~~
1 error generated.
make: Leaving directory
`/data/users/yhs/work/net-next/tools/testing/selftests/bpf'
Reported-by: Y Song
Signed-off-by: Mathieu Xhonneux
---
.../selftests/bpf/include/uapi/linux/seg6.h| 55 +++
.../selftests/bpf/includ
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 1 +
include/uapi/linux/
before entering this chain. Each End.BPF action validates
the previous one, otherwise the packet is dropped. The test succeeds
if the last node in the chain receives the packet and the UDP datagram
contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 83 +--
2 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
route.
These helpers require CONFIG_IPV6=y (and not =m).
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 96 +++-
net/core/filter.c| 285 +++
net/ipv6/Kc
u mean 'ipv4'?
return net->ipv6.seg6_data;
^~~~
ipv4
This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
allowing seg6.h to be included regardless of the configuration.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6.
pf for
netlink nested bpf attributes
- SEG6_LOCAL_BPF_PROG attr now contains prog->aux->id when dumping
state
Thanks.
Mathieu Xhonneux (6):
ipv6: sr: make seg6.h includable without IPv6
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Spl
2018-05-18 21:24 GMT+01:00 Daniel Borkmann :
>> +#define MAX_PROG_NAME 256
>> +static const struct nla_policy bpf_prog_policy[LWT_BPF_PROG_MAX + 1] = {
>> + [LWT_BPF_PROG_FD] = { .type = NLA_U32, },
>
> From UAPI point of view, I wouldn't name it LWT_BPF_PROG_FD but rather
> something like
>
In bpf_parse_prog, if bpf_prog_get_type fails, the function is
immediately terminated without freeing the previously allocated
prog->name.
This patch adds a kfree before the return.
Signed-off-by: Mathieu Xhonneux
---
net/core/lwt_bpf.c | 4 +++-
1 file changed, 3 insertions(+), 1 delet
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
route.
These helpers require CONFIG_IPV6=y (and not =m).
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 96 +++-
net/core/filter.c| 285 +++
net/ipv6/Kc
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 83 +--
2 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
u mean 'ipv4'?
return net->ipv6.seg6_data;
^~~~
ipv4
This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
allowing seg6.h to be included regardless of the configuration.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6.
d bugs when CONFIG_IPV6=m
v5: fix kbuild sparse warnings when CONFIG_IPV6=m
v6: fix skb pointers-related bugs in helpers
Thanks.
Mathieu Xhonneux (6):
ipv6: sr: make seg6.h includable without IPv6
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Split lwt
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 1 +
include/uapi/linux/
2018-05-14 23:40 GMT+01:00 Daniel Borkmann :
> On 05/12/2018 07:25 PM, Mathieu Xhonneux wrote:
> [...]
>> +BPF_CALL_4(bpf_lwt_seg6_store_bytes, struct sk_buff *, skb, u32, offset,
>> +const void *, from, u32, len)
>> +{
>> +#if IS_ENABLED(CONFIG_
Sorry for the v4 still throwing warnings from the kbuild bot, this
version should be OK.
2018-05-12 18:25 GMT+01:00 Mathieu Xhonneux :
> As of Linux 4.14, it is possible to define advanced local processing for
> IPv6 packets with a Segment Routing Header through the seg6local LWT
> infra
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 83 +--
2 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 1 +
include/uapi/linux/
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
d bugs when CONFIG_IPV6=m
v5: fix kbuild sparse warnings when CONFIG_IPV6=m
Thanks.
Mathieu Xhonneux (6):
ipv6: sr: make seg6.h includable without IPv6
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Split lwt inout verifier structures
ipv6: sr: Add seg
route.
These helpers require CONFIG_IPV6=y (and not =m).
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 97 +++-
net/core/filter.c| 282 +++
net/ipv6/Kc
u mean 'ipv4'?
return net->ipv6.seg6_data;
^~~~
ipv4
This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
allowing seg6.h to be included regardless of the configuration.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6.
I'm quite interested in this helper to implement OAM features (through
other hooks, e.g. the BPF LWT hook). Do you have an idea about how it
behaves with ECMP routes (with IPv4 and/or IPv6) ? In IPv6, I'm
guessing that the returned gateway address is always a link-local
address ?
Thanks.
2018-05-
@Alexei: I created the CONFIG_IPV6_SEG6_BPF symbol, fearing that using
ipv6_bpf_stub would be detrimental for the bpf_lwt_seg6_action helper,
since all the calls to seg6_* are in the critical path.
2018-05-09 22:16 GMT+01:00 Mathieu Xhonneux :
> As of Linux 4.14, it is possible to define advan
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
This action requires CONFIG_IPV6=y (and not =m).
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/
u mean 'ipv4'?
return net->ipv6.seg6_data;
^~~~
ipv4
This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
allowing seg6.h to be included regardless of the configuration.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6.
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
route.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 95 +++-
net/core/filter.c| 282 +++
net/ipv6/Kconfig | 5 +
net/ipv6/seg6_local.c| 2
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 83 +--
2 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
d bugs when CONFIG_IPV6=m
Thanks.
Mathieu Xhonneux (6):
ipv6: sr: make seg6.h includable without IPv6
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Split lwt inout verifier structures
ipv6: sr: Add seg6local action End.BPF
selftests/bpf: test for seg
-05-07 0:29 GMT+01:00 kbuild test robot :
> Hi Mathieu,
>
> Thank you for the patch! Yet something to improve:
>
> [auto build test ERROR on bpf-next/master]
>
> url:
> https://github.com/0day-ci/linux/commits/Mathieu-Xhonneux/ipv6-sr-introduce-seg6local-End-BPF
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 83 +--
2 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
u mean 'ipv4'?
return net->ipv6.seg6_data;
^~~~
ipv4
This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
allowing seg6.h to be included regardless of the configuration.
Signed-off-by: Mathieu Xhonneux
---
include/net/seg6.
route.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 95 +++-
net/core/filter.c| 282 +++
net/ipv6/seg6_local.c| 2 +
4 files changed, 363 insertions(+
the SRH integrity state from skb->cb to a per-cpu buffer
v3: - document helpers in man-page style
- fix kbuild bugs
- un-break BPF LWT out hook
- bpf_push_seg6_encap is now static
- preempt_enable is now called when the packet is dropped in
input_action_end_bpf
Thanks.
M
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 3 +
include/uapi/linux/
2018-04-28 2:01 GMT+02:00 Alexei Starovoitov :
>
> On Fri, Apr 27, 2018 at 10:59:19AM -0400, David Miller wrote:
> > From: Mathieu Xhonneux
> > Date: Tue, 24 Apr 2018 18:44:15 +0100
> >
> > > This patch adds the End.BPF action to the LWT seg6local infrastructure.
the SRH integrity state from skb->cb to a per-cpu buffer
Thanks.
Mathieu Xhonneux (5):
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Split lwt inout verifier structures
ipv6: sr: Add seg6local action End.BPF
selftests/bpf: test for seg6local E
route.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6_local.h | 8 ++
include/uapi/linux/bpf.h | 57 +-
net/core/filter.c| 267 +++
3 files changed, 308 insertions(+), 24 deletions(-)
diff --git a/includ
return this
value, as the skb's destination is already set and the default
lookup should not be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 1 +
include/uapi/linux/
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 3 +-
net/core/filter.c | 83 +--
2 files changed, 53 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
2018-04-03 16:25 GMT+02:00 David Lebrun :
> Actually I'm wrong here. dst_input() will call either ip6_input() or
> ip6_forward(), not ipv6_rcv(). Both functions expect IP6CB() to be set,
> so using skb->cb here will interfere with them.
>
> What about saving and restoring the IPv6 CB, similarly to
2018-03-31 1:03 GMT+02:00 Alexei Starovoitov :
>
> On Fri, Mar 23, 2018 at 10:15:59AM +, Mathieu Xhonneux wrote:
> > As of Linux 4.14, it is possible to define advanced local processing for
> > IPv6 packets with a Segment Routing Header through the seg6local LWT
> >
ned-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net/seg6.h | 3 ++-
include/net/seg6_local.h | 24
net/ipv6/seg6_local.c| 20 +++-
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 include/net/seg6_local.h
d
: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/linux/bpf_types.h | 4 +--
net/core/filter.c | 85 ++-
2 files changed, 56 insertions(+), 33 deletions(-)
diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
index
SRH for non-SRv6 packet,
as the BPF seg6local hook only works on traffic already containing a SRH.
This is the BPF equivalent of the seg6 LWT infrastructure, which achieves
the same purpose but with a static SRH per route.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/net
before the chain. Each End.BPF action validates the previous
one, otherwise the packet is dropped.
The test succeeds if the last node in the chain receives the packet and
the UDP datagram contained can be retrieved from userspace.
Signed-off-by: Mathieu Xhonneux
---
tools/include/uapi/linux/bpf.h
the
bpf_lwt_seg6_action helper, the BPF program should return this
value, as the skb destination is already set and the default
lookup shouldn’t be performed.
- BPF_DROP : the packet will be dropped.
Signed-off-by: Mathieu Xhonneux
Acked-by: David Lebrun
---
include/li
the patchset are welcome.
Thanks.
Mathieu Xhonneux (5):
ipv6: sr: export function lookup_nexthop
bpf: Add IPv6 Segment Routing helpers
bpf: Split lwt inout verifier structures
ipv6: sr: Add seg6local action End.BPF
selftests/bpf: test for seg6local End.BPF action
include/linux/bpf_type
6: sr: add
support for SRH injection through setsockopt")
Acked-by: David Lebrun
Signed-off-by: Mathieu Xhonneux
---
net/ipv6/exthdrs.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 83bd75713535..bc68eb661970 100644
--- a/net/ipv6/
Just realized I messed up the justification about sr_has_hmac. The
branch will be taken, but its execution will not complete since the
TLV's len and type fields aren't copied, hence seg6_get_tlv_hmac will
fail, and the HMAC will not be computed.
2018-01-07 17:12 GMT+00:00 Mathie
ommit adds a memcpy in case TLVs have been appended to the SRH.
Fixes: a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e ("ipv6: sr: add
support for SRH injection through setsockopt")
Acked-by: David Lebrun
Signed-off-by: Mathieu Xhonneux
---
net/ipv6/exthdrs.c | 9 +
1 file change
75 matches
Mail list logo
