forked from luck/tmp_suning_uos_patched
004d4b274e
This patch adds the End.BPF action to the LWT seg6local infrastructure. This action works like any other seg6local End action, meaning that an IPv6 header with SRH is needed, whose DA has to be equal to the SID of the action. It will also advance the SRH to the next segment, the BPF program does not have to take care of this. Since the BPF program may not be a source of instability in the kernel, it is important to ensure that the integrity of the packet is maintained before yielding it back to the IPv6 layer. The hook hence keeps track if the SRH has been altered through the helpers, and re-validates its content if needed with seg6_validate_srh. The state kept for validation is stored in a per-CPU buffer. The BPF program is not allowed to directly write into the packet, and only some fields of the SRH can be altered through the helper bpf_lwt_seg6_store_bytes. Performances profiling has shown that the SRH re-validation does not induce a significant overhead. If the altered SRH is deemed as invalid, the packet is dropped. This validation is also done before executing any action through bpf_lwt_seg6_action, and will not be performed again if the SRH is not modified after calling the action. The BPF program may return 3 types of return codes: - BPF_OK: the End.BPF action will look up the next destination through seg6_lookup_nexthop. - BPF_REDIRECT: if an action has been executed through the bpf_lwt_seg6_action helper, the BPF program should return this value, as the skb's destination is already set and the default lookup should not be performed. - BPF_DROP : the packet will be dropped. Signed-off-by: Mathieu Xhonneux <m.xhonneux@gmail.com> Acked-by: David Lebrun <dlebrun@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
81 lines
2.0 KiB
C
81 lines
2.0 KiB
C
/*
|
|
* SR-IPv6 implementation
|
|
*
|
|
* Author:
|
|
* David Lebrun <david.lebrun@uclouvain.be>
|
|
*
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _UAPI_LINUX_SEG6_LOCAL_H
|
|
#define _UAPI_LINUX_SEG6_LOCAL_H
|
|
|
|
#include <linux/seg6.h>
|
|
|
|
enum {
|
|
SEG6_LOCAL_UNSPEC,
|
|
SEG6_LOCAL_ACTION,
|
|
SEG6_LOCAL_SRH,
|
|
SEG6_LOCAL_TABLE,
|
|
SEG6_LOCAL_NH4,
|
|
SEG6_LOCAL_NH6,
|
|
SEG6_LOCAL_IIF,
|
|
SEG6_LOCAL_OIF,
|
|
SEG6_LOCAL_BPF,
|
|
__SEG6_LOCAL_MAX,
|
|
};
|
|
#define SEG6_LOCAL_MAX (__SEG6_LOCAL_MAX - 1)
|
|
|
|
enum {
|
|
SEG6_LOCAL_ACTION_UNSPEC = 0,
|
|
/* node segment */
|
|
SEG6_LOCAL_ACTION_END = 1,
|
|
/* adjacency segment (IPv6 cross-connect) */
|
|
SEG6_LOCAL_ACTION_END_X = 2,
|
|
/* lookup of next seg NH in table */
|
|
SEG6_LOCAL_ACTION_END_T = 3,
|
|
/* decap and L2 cross-connect */
|
|
SEG6_LOCAL_ACTION_END_DX2 = 4,
|
|
/* decap and IPv6 cross-connect */
|
|
SEG6_LOCAL_ACTION_END_DX6 = 5,
|
|
/* decap and IPv4 cross-connect */
|
|
SEG6_LOCAL_ACTION_END_DX4 = 6,
|
|
/* decap and lookup of DA in v6 table */
|
|
SEG6_LOCAL_ACTION_END_DT6 = 7,
|
|
/* decap and lookup of DA in v4 table */
|
|
SEG6_LOCAL_ACTION_END_DT4 = 8,
|
|
/* binding segment with insertion */
|
|
SEG6_LOCAL_ACTION_END_B6 = 9,
|
|
/* binding segment with encapsulation */
|
|
SEG6_LOCAL_ACTION_END_B6_ENCAP = 10,
|
|
/* binding segment with MPLS encap */
|
|
SEG6_LOCAL_ACTION_END_BM = 11,
|
|
/* lookup last seg in table */
|
|
SEG6_LOCAL_ACTION_END_S = 12,
|
|
/* forward to SR-unaware VNF with static proxy */
|
|
SEG6_LOCAL_ACTION_END_AS = 13,
|
|
/* forward to SR-unaware VNF with masquerading */
|
|
SEG6_LOCAL_ACTION_END_AM = 14,
|
|
/* custom BPF action */
|
|
SEG6_LOCAL_ACTION_END_BPF = 15,
|
|
|
|
__SEG6_LOCAL_ACTION_MAX,
|
|
};
|
|
|
|
#define SEG6_LOCAL_ACTION_MAX (__SEG6_LOCAL_ACTION_MAX - 1)
|
|
|
|
enum {
|
|
SEG6_LOCAL_BPF_PROG_UNSPEC,
|
|
SEG6_LOCAL_BPF_PROG,
|
|
SEG6_LOCAL_BPF_PROG_NAME,
|
|
__SEG6_LOCAL_BPF_PROG_MAX,
|
|
};
|
|
|
|
#define SEG6_LOCAL_BPF_PROG_MAX (__SEG6_LOCAL_BPF_PROG_MAX - 1)
|
|
|
|
#endif
|