1. 10 Nov, 2016 7 commits
    • David Lebrun's avatar
      ipv6: sr: add core files for SR HMAC support · bf355b8d
      David Lebrun authored
      
      
      This patch adds the necessary functions to compute and check the HMAC signature
      of an SR-enabled packet. Two HMAC algorithms are supported: hmac(sha1) and
      hmac(sha256).
      
      In order to avoid dynamic memory allocation for each HMAC computation,
      a per-cpu ring buffer is allocated for this purpose.
      
      A new per-interface sysctl called seg6_require_hmac is added, allowing a
      user-defined policy for processing HMAC-signed SR-enabled packets.
      A value of -1 means that the HMAC field will always be ignored.
      A value of 0 means that if an HMAC field is present, its validity will
      be enforced (the packet is dropped is the signature is incorrect).
      Finally, a value of 1 means that any SR-enabled packet that does not
      contain an HMAC signature or whose signature is incorrect will be dropped.
      Signed-off-by: default avatarDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bf355b8d
    • David Lebrun's avatar
      ipv6: sr: add support for SRH encapsulation and injection with lwtunnels · 6c8702c6
      David Lebrun authored
      
      
      This patch creates a new type of interfaceless lightweight tunnel (SEG6),
      enabling the encapsulation and injection of SRH within locally emitted
      packets and forwarded packets.
      
      >From a configuration viewpoint, a seg6 tunnel would be configured as follows:
      
        ip -6 ro ad fc00::1/128 encap seg6 mode encap segs fc42::1,fc42::2,fc42::3 dev eth0
      
      Any packet whose destination address is fc00::1 would thus be encapsulated
      within an outer IPv6 header containing the SRH with three segments, and would
      actually be routed to the first segment of the list. If `mode inline' was
      specified instead of `mode encap', then the SRH would be directly inserted
      after the IPv6 header without outer encapsulation.
      
      The inline mode is only available if CONFIG_IPV6_SEG6_INLINE is enabled. This
      feature was made configurable because direct header insertion may break
      several mechanisms such as PMTUD or IPSec AH.
      Signed-off-by: default avatarDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c8702c6
    • David Lebrun's avatar
      ipv6: sr: add code base for control plane support of SR-IPv6 · 915d7e5e
      David Lebrun authored
      
      
      This patch adds the necessary hooks and structures to provide support
      for SR-IPv6 control plane, essentially the Generic Netlink commands
      that will be used for userspace control over the Segment Routing
      kernel structures.
      
      The genetlink commands provide control over two different structures:
      tunnel source and HMAC data. The tunnel source is the source address
      that will be used by default when encapsulating packets into an
      outer IPv6 header + SRH. If the tunnel source is set to :: then an
      address of the outgoing interface will be selected as the source.
      
      The HMAC commands currently just return ENOTSUPP and will be implemented
      in a future patch.
      Signed-off-by: default avatarDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      915d7e5e
    • David Lebrun's avatar
      ipv6: implement dataplane support for rthdr type 4 (Segment Routing Header) · 1ababeba
      David Lebrun authored
      Implement minimal support for processing of SR-enabled packets
      as described in
      https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-02
      
      .
      
      This patch implements the following operations:
      - Intermediate segment endpoint: incrementation of active segment and rerouting.
      - Egress for SR-encapsulated packets: decapsulation of outer IPv6 header + SRH
        and routing of inner packet.
      - Cleanup flag support for SR-inlined packets: removal of SRH if we are the
        penultimate segment endpoint.
      
      A per-interface sysctl seg6_enabled is provided, to accept/deny SR-enabled
      packets. Default is deny.
      
      This patch does not provide support for HMAC-signed packets.
      Signed-off-by: default avatarDavid Lebrun <david.lebrun@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ababeba
    • Arnd Bergmann's avatar
      net: mii: report 0 for unknown lp_advertising · dc0b2c9c
      Arnd Bergmann authored
      The newly introduced mii_ethtool_get_link_ksettings function sets
      lp_advertising to an uninitialized value when BMCR_ANENABLE is not
      set:
      
      drivers/net/mii.c: In function 'mii_ethtool_get_link_ksettings':
      drivers/net/mii.c:224:2: error: 'lp_advertising' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      As documented in include/uapi/linux/ethtool.h, the value is
      expected to be zero when we don't know it, so let's initialize
      it to that.
      
      Fixes: bc8ee596
      
       ("net: mii: add generic function to support ksetting support")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dc0b2c9c
    • Jan Beulich's avatar
      xen-netback: prefer xenbus_scanf() over xenbus_gather() · 6c27f99d
      Jan Beulich authored
      
      
      For single items being collected this should be preferred as being more
      typesafe (as the compiler can check format string and to-be-written-to
      variable match) and more efficient (requiring one less parameter to be
      passed).
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Reviewed-by: default avatarPaul Durrant <paul.durrant@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c27f99d
    • Hangbin Liu's avatar
      igmp: Document sysctl force_igmp_version · 1af92836
      Hangbin Liu authored
      
      
      There is some difference between force_igmp_version and force_mld_version.
      Add document to make users aware of this.
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1af92836
  2. 09 Nov, 2016 33 commits