[iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS

Message ID	5eaf7a5df51b687f3354d9e065c3358f56b5ad34.1737387719.git.petrm@nvidia.com (mailing list archive)
State	Accepted
Commit	1db4f568789b57a5fd0a66679787d33fca986ab2
Delegated to:	David Ahern
Headers	show Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2081.outbound.protection.outlook.com [40.107.243.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD80F1E98FF for <netdev@vger.kernel.org>; Mon, 20 Jan 2025 15:43:51 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C From: Petr Machata <petrm@nvidia.com> To: Stephen Hemminger <stephen@networkplumber.org>, David Ahern <dsahern@kernel.org>, <netdev@vger.kernel.org> CC: Petr Machata <petrm@nvidia.com> Subject: [PATCH iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS Date: Mon, 20 Jan 2025 16:43:06 +0100 Message-ID: <5eaf7a5df51b687f3354d9e065c3358f56b5ad34.1737387719.git.petrm@nvidia.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS \| expand [iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS

Message ID

5eaf7a5df51b687f3354d9e065c3358f56b5ad34.1737387719.git.petrm@nvidia.com (mailing list archive)

State

Accepted

Commit

1db4f568789b57a5fd0a66679787d33fca986ab2

Delegated to:

David Ahern

Headers

show

Received: from NAM12-DM6-obe.outbound.protection.outlook.com
 (mail-dm6nam12on2081.outbound.protection.outlook.com [40.107.243.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD80F1E98FF
	for <netdev@vger.kernel.org>; Mon, 20 Jan 2025 15:43:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=fail smtp.client-ip=40.107.243.81
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1737387833; cv=fail;
 b=Dm/VzIG9dPbbJitM4YMk7P6n+7kLL5U0cTN85Tkh5qWp8Itmfya0iagsgLx8fCjLIqTBSb/Rn29DnIZIX3XBmA27sF9XMQ1EtohU7mq9Qmgpl+hWEOrETXo4Mk1K09uNl8Pt1Zl5cda8l/1p5Ao0b4Q1PtOUA8Lxhfb2aYTitKk=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1737387833; c=relaxed/simple;
	bh=X05pLYeCHs2dWFcO5qcIIZP7nAkTRrc7ik9P56TeeJM=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type;
 b=FRVKuOF6kPcBTlmAc57+Uz/r0bVnU3JrI3HpxpE6EwOx67fOMk5fILV/X5JfCV2be0dYFn7WBxX/r3Vzc1ur4SnvTEAOltjwi3T/537WdigJMpkxR/G4mWhSKYD07kGtIywImlCRd1ekpKWdkmQYrO5Tzf7TG4uK7KDzRLkdDXU=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com;
 spf=fail smtp.mailfrom=nvidia.com;
 dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b=oUxkXs0l; arc=fail smtp.client-ip=40.107.243.81
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=fail smtp.mailfrom=nvidia.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com
 header.b="oUxkXs0l"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=NuUb+xRObE3Oh95Cnmh9YkYnYqo9Vq8oZqAGwOih8SFaDE9KprlwH+X7lKxrDbVVYTwH3PQR7fjFZsfH52zHREaaAPW7p2EHxeUxB5NoeKJgMaIQ6tSNcrq8XCo/fwh9o68o3f3dNyoPAZxOkB3IVfoM/z6UUXR40+A8+XWL4s9xKpXO43s5vvjUwFz3gP91zzOuIkQWTbMq89F1ivnr8wJF480dRNqwDvvirqRElG8WYruNMsiBtLlHFBmlKMWbxFBrT8JqGQpHz81HR4qXdjTwt6Ybz3DO4MeslYIQrL7PUM0KwQj7bQbeXF7x+m0qDLFXN8ptFrZ8OlNuZ3VurA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=C2CUYEB4xmsespaKUANIA5mLW1C4umCiFXzjunJZe8U=;
 b=UYUkbIIDjtYAKzeVXbow+pJ8vszgPP9318PoyGkD8Rqq92HzWeYKx7CG7GX0JQcXuZb99+9C1Apeid8AfElj5pdNT4Mua1zegjrk9pndC8qTH76j4ZuT9zEh78mA4TcaS90xGydy3zsiXZSzZpx1SQqXv2s7TH3NFQ4o8qudYUeTu3obGqbFDjp/7zB4j+IfxhYN/xH7rpdKdNqkACaO4WCsE06jD3SSHlYUaGk8AriI5wFtqjioUatrZk3HOWmTWgqCGLAXC9soDOmNeiBqvRsZiRoJ+7TkR1ohluV3pemgRNGnx/U7rfry6iQ0I97zRctN2xwVMypO6HK4ULq64w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=networkplumber.org
 smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none
 header.from=nvidia.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=C2CUYEB4xmsespaKUANIA5mLW1C4umCiFXzjunJZe8U=;
 b=oUxkXs0lg7nAtMH/SwMIjvWCQ1uqy+fZRsaq5lXnR9BU8N2k7Q0iT8Y2kCslGgWw29gizARU8zwkdauBjTpQ4XC9qkaU0vo0f4Dpafvf5tOAD1K8ZrrFhAFMNzVu16aJL+2xWlgygFDFMPiOKjPoJPvzQz1VtGLSriMUDxFCDtz4OQ2SKDL3nbJbLvbLrcjp0DU5uV5TsYKOaepdKq1jnONAjpimlX6flZTcHZYikm6t1k/jBXBd2D5cS2j1C2yM+U66fhE4EYNROXGIxINpr2yJ4UT0eQozs7alTrMRWQodPwDprXxb/iAxyCpK8mGCgs68UYCUQSNexBEtpZav1Q==
Received: from BLAPR05CA0005.namprd05.prod.outlook.com (2603:10b6:208:36e::14)
 by DS0PR12MB8416.namprd12.prod.outlook.com (2603:10b6:8:ff::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.20; Mon, 20 Jan
 2025 15:43:47 +0000
Received: from BN1PEPF00004688.namprd05.prod.outlook.com
 (2603:10b6:208:36e:cafe::d3) by BLAPR05CA0005.outlook.office365.com
 (2603:10b6:208:36e::14) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8377.12 via Frontend Transport; Mon,
 20 Jan 2025 15:43:47 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 BN1PEPF00004688.mail.protection.outlook.com (10.167.243.133) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.8377.8 via Frontend Transport; Mon, 20 Jan 2025 15:43:46 +0000
Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Mon, 20 Jan
 2025 07:43:32 -0800
Received: from fedora.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com
 (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Mon, 20 Jan
 2025 07:43:29 -0800
From: Petr Machata <petrm@nvidia.com>
To: Stephen Hemminger <stephen@networkplumber.org>, David Ahern
	<dsahern@kernel.org>, <netdev@vger.kernel.org>
CC: Petr Machata <petrm@nvidia.com>
Subject: [PATCH iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS
Date: Mon, 20 Jan 2025 16:43:06 +0100
Message-ID: 
 <5eaf7a5df51b687f3354d9e065c3358f56b5ad34.1737387719.git.petrm@nvidia.com>
X-Mailer: git-send-email 2.47.1
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To
 rnnvmail201.nvidia.com (10.129.68.8)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN1PEPF00004688:EE_|DS0PR12MB8416:EE_
X-MS-Office365-Filtering-Correlation-Id: c139263e-2f4b-41d5-8b9f-08dd39693a4d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014|13003099007;
X-Microsoft-Antispam-Message-Info: 
 qqn1CpQ9x2g4UJCfhj0l4YlAeR9LFoMErJ8WJzWymDykbAyoTxQqGbqGOO1AWCYpP+HWw2VFYH+4a1IiMdt4jVAiQAKt2sGAMAUDmZxQaHoy5owfY9RXCMgs1zpBGXPgY1RtbpccyFmUeJT/Hum94VsJ4ViRnH3grke6IbfKamoXD95FIo5d/ZxrZYstdlelVlho4UXYNjrAWu8OK10+/v4zbkJW/RI1wWGNQGznjYNWEbFl71HSkEwbdS4c9qe7wYfMqcvnhGRGH8/AYCm67nWRpdLrxGmZ9+IQmwmHDjpSoghs1qkiSZAy5kiCYSe3iaNnlUYpxZEFDfF7CyrpNgk+Yd1YC+l79KaieggUxGuHY8iv9S2R77Taz78jS+aC9dj2NuR8RhTSteAbqyUh81IUDSvRTW4K14WTRfNKEQ+t/enut3THpGAGJ32VN1MO82kE86l5ZDqzobakJoXlfBwCaM9vzYGpMvAxCgVKN0fo8MxABPiqKbJs+LcDlxqHJTgsQrKXfuFaL4VK9apaxM6Yd5FxpyJlSG6sagThvJBybnq+Ut7fTAjS83QEGMxvMwvG5biFOcyELA+O+QTUkYnp3ODKAeKUyRC2tAQWQ5E+lBJQt/CyhvA2bGXc5w+r/4V6vQMRrKpRTosvWHUu6IWnx2X2c014MemO3p+ulmI5Bm25YSRkHviq6InBU9yqKGwH+g/gdFXKGfBCVtuGK3P2cuvI3mlfxl5fLLnE5cMqZb3Dj7GZnpZhDDGYme/hwATDg0dDBs3+2LXhTO0LTGdABMy6b2XUzoMjT86JcN3QyxarhJdlujoZcFHABy7hUebX5vDbbhOjR4nVO/9KVgA24WQ+4zJKEvUfJGOh0xRyUiM1U5DJAnyZBH8L1/HJ9anNcpkImT2SUT0LwrcswCPE4mq8a/qmMKuwvOjg9WoyDldkav1ziZ725FAdJ/bGQ7dgkODeK5QxOcbEXbPoQmbl6xbbS/WF5D9Wwm4hAamE0yHP94fuC/9riSq2jRpBg/DCzXtkUpIY6lrlnruRj1zAnooYBNcbWSHM8xIFJZScvTyCoIO+HhxVTekmpgvsehx+bIYKhQe1FKxj8Z+2iJZQO8hQcqR4jo4lC9AXMvDC1DrnCKnmXbk5NokV22CaDnth3Db0XApDUQM9KifiHy1pH93AksfvH4nXYClWVGYgARHd72ayxEmUJtkqprOSPRfEOhmiNwZMTgVPt0ywVdey37y2ViqJpbtpscCDm70D6HMvE4MrEzVX6oOkGG0QuurcT+fCng59LfqgAIkz9VYpB5LnHMkidpNXJBd3j1AfbK03cZKzZ0RF2t/CBQMI0+4Bfk1D257T6IoUYwGma/UJL3gmrq57ZtZwluAmVZ8BkaW1/Ef/eg0R7wDnal68yzr9MmI0EDbhQiALoyTs7zTQCRZ/38Qvq2KXcDQOMZUNZEIwXtmxVF/Ts4EcuLjzPSAYZ4jnMdEq9pSpjFGJJ2vjlZ42zk+G/Ry8hbea8D8=
X-Forefront-Antispam-Report: 
	CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014)(13003099007);DIR:OUT;SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2025 15:43:46.6957
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 c139263e-2f4b-41d5-8b9f-08dd39693a4d
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN1PEPF00004688.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8416
X-Patchwork-Delegate: dsahern@gmail.com

Series

[iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS | expand

Context	Check	Description
netdev/tree_selection	success	Not a local patch

Context

Check

Description

netdev/tree_selection

success

Not a local patch

Commit Message

Petr Machata Jan. 20, 2025, 3:43 p.m. UTC

A new attribute, IFLA_VXLAN_RESERVED_BITS, was added in Linux kernel
commit 6c11379b104e ("vxlan: Add an attribute to make VXLAN header
validation configurable") (See the link below for the full patchset).

The payload is a 64-bit binary field that covers the VXLAN header. The set
bits indicate which bits in a VXLAN packet header should be allowed to
carry 1's. Support the new attribute through a CLI keyword "reserved_bits".

Link: https://patch.msgid.link/173378643250.273075.13832548579412179113.git-patchwork-notify@kernel.org
Signed-off-by: Petr Machata <petrm@nvidia.com>
---
 ip/iplink_vxlan.c     | 20 ++++++++++++++++++++
 man/man8/ip-link.8.in |  9 +++++++++
 2 files changed, 29 insertions(+)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 20, 2025, 4:50 p.m. UTC | #1

Hello:

This patch was applied to iproute2/iproute2-next.git (main)
by David Ahern <dsahern@kernel.org>:

On Mon, 20 Jan 2025 16:43:06 +0100 you wrote:
> A new attribute, IFLA_VXLAN_RESERVED_BITS, was added in Linux kernel
> commit 6c11379b104e ("vxlan: Add an attribute to make VXLAN header
> validation configurable") (See the link below for the full patchset).
> 
> The payload is a 64-bit binary field that covers the VXLAN header. The set
> bits indicate which bits in a VXLAN packet header should be allowed to
> carry 1's. Support the new attribute through a CLI keyword "reserved_bits".
> 
> [...]

Here is the summary with links:
  - [iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1db4f568789b

You are awesome, thank you!

diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index 7781d60b..9649a8eb 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -52,6 +52,7 @@  static void print_explain(FILE *f)
 		"		[ dev PHYS_DEV ]\n"
 		"		[ dstport PORT ]\n"
 		"		[ srcport MIN MAX ]\n"
+		"		[ reserved_bits VALUE ]\n"
 		"		[ [no]learning ]\n"
 		"		[ [no]proxy ]\n"
 		"		[ [no]rsc ]\n"
@@ -337,6 +338,17 @@  static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
 			check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS,
 				     *argv, *argv);
 			addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
+		} else if (strcmp(*argv, "reserved_bits") == 0) {
+			NEXT_ARG();
+			__be64 bits;
+
+			check_duparg(&attrs, IFLA_VXLAN_RESERVED_BITS,
+				     *argv, *argv);
+			if (get_be64(&bits, *argv, 0))
+				invarg("reserved_bits", *argv);
+			addattr_l(n, 1024, IFLA_VXLAN_RESERVED_BITS,
+				  &bits, sizeof(bits));
+
 		} else if (!matches(*argv, "external")) {
 			check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
 				     *argv, *argv);
@@ -601,6 +613,14 @@  static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 	    ((maxaddr = rta_getattr_u32(tb[IFLA_VXLAN_LIMIT])) != 0))
 		print_uint(PRINT_ANY, "limit", "maxaddr %u ", maxaddr);
 
+	if (tb[IFLA_VXLAN_RESERVED_BITS]) {
+		__be64 reserved_bits =
+			rta_getattr_u64(tb[IFLA_VXLAN_RESERVED_BITS]);
+
+		print_0xhex(PRINT_ANY, "reserved_bits",
+			    "reserved_bits %#llx ", ntohll(reserved_bits));
+	}
+
 	if (tb[IFLA_VXLAN_GBP])
 		print_null(PRINT_ANY, "gbp", "gbp ", NULL);
 	if (tb[IFLA_VXLAN_GPE])
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 64b5ba21..d0f30556 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -632,6 +632,8 @@  the following additional arguments are supported:
 ] [
 .BI srcport " MIN MAX "
 ] [
+.BI reserved_bits " VALUE "
+] [
 .RB [ no ] learning
 ] [
 .RB [ no ] proxy
@@ -725,6 +727,13 @@  bit is not set.
 - specifies the range of port numbers to use as UDP
 source ports to communicate to the remote VXLAN tunnel endpoint.
 
+.sp
+.BI reserved_bits " VALUE "
+- by default the kernel rejects packets that have bits set outside of the fields
+required by the features enabled on the VXLAN netdevice. \fBreserved_bits\fR is
+a 64-bit quantity specifying which bits it should be possible to set in a VXLAN
+header. Each bit set in the value is a tolerated bit set in a packet.
+
 .sp
 .RB [ no ] learning
 - specifies if unknown source link layer addresses and IP addresses

[iproute2-next] ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS

Checks

Commit Message

Comments

Patch