From: Tom Herbert
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: Tom Herbert
Subject: [PATCH net-next 0/5] ipv6: Rework ext. headers infrastructure
Date: Tue, 22 Jan 2019 21:31:18 -0800
Message-Id: <1548221483-3085-1-git-send-email-tom@quantonium.net>
X-Patchwork-Id: 1029662

This patch set implements an infrastructure to allow fine grained control
over IPv6 Destination and Hop-by-Hop TLV options. This includes being able
to register handlers for receiving options as well as a set of parameters
that sets permissions for who may send a TLV option and the preferred
format of a list of options.

The goal of the patch is to enable broader use cases of IPv6 options,
including those for which non-privileged users can send options.
In order to curtail misuse of options in such cases, a number of
requirements on how the option may be sent and formatted are enforced.

Particular features are:
  - A single 256 entry table containing the information about each TLV
    is defined. Lookups are simple offset accesses to the table based
    on TLV type. Both receiving and sending properties of TLVs are
    maintained in the table.
  - Allow registration/deregistration of receive handlers for specific
    TLVs.
  - Describe the properties of sending different TLVs in a TLV
    parameter table. The parameter table can be managed via netlink.
  - Allow non-privileged users to send TLVs for which they have been
    granted permission.
  - Provide a deep validation of TLVs and TLV lists to enforce specific
    limits and permission in order to thwart misuse of TLVs.
  - Define a canonical format for sending TLVs that includes a
    preferred order, option alignment, minimal padding between TLVs.
  - Allow individual TLVs to be added or set in txoptions list on a
    socket.

Tested:

Write and read different TLVs on a socket via setsockopt and getsockopt.
Flow is add individual TLV, read back options, set read option on new
socket as a list. Verify options are properly sent and received.

Used a modified ip command in iproute2 to test managing the TLV parameter
via netlink.

Tom Herbert (5):
  exthdrs: Create exthdrs_options.c
  exthdrs: Registration of TLV handlers and parameters
  ip6tlvs: Add netlink interface
  ip6tlvs: Validation of TX Destination and Hop-by-Hop options
  ip6tlvs: API to set and remove individual TLVs from DO or HBH EH

 include/net/ipv6.h         |   76 ++
 include/uapi/linux/in6.h   |   58 ++
 net/ipv6/Makefile          |    2 +-
 net/ipv6/datagram.c        |   27 +-
 net/ipv6/exthdrs.c         |  389 +---------
 net/ipv6/exthdrs_options.c | 1722 ++++++++++++++++++++++++++++++++++++++++++++
 net/ipv6/ipv6_sockglue.c   |  110 ++-
 7 files changed, 2007 insertions(+), 377 deletions(-)
 create mode 100644 net/ipv6/exthdrs_options.c
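
The send-side checks listed in the cover letter (table lookup by TLV type, sender permission, length limits, alignment, preferred order, minimal padding) can be sketched as one pass over an option list; this is an added example, not code from the patch set. `struct tlv_param`, its fields, the error codes, the 7-byte cap on a padding run, and the sample table and option buffers are all assumptions or constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
struct tlv_param {                 /* hypothetical fields, not the patch set's */
    bool    user_ok;               /* non-privileged senders permitted */
    uint8_t min_len, max_len;      /* bounds on option data length */
    uint8_t align_mult, align_off; /* type byte at mult*n + off from header start */
    uint8_t order;                 /* preferred position; 0 = may not be sent */
};
enum tlv_err { TLV_OK, TLV_TRUNC, TLV_PERM, TLV_LEN, TLV_ALIGN, TLV_ORDER, TLV_PAD };

/* Walk the option area, i.e. the bytes after the 2-byte extension header. */
enum tlv_err tlv_list_validate(const struct tlv_param tab[256],
                               const uint8_t *opts, size_t len, bool privileged)
{
    size_t off = 0, pad = 0, last = 0;
    while (off < len) {
        uint8_t type = opts[off];
        size_t tlv_len = 1;                 /* Pad1 is a lone zero byte */
        if (type != 0) {
            if (len - off < 2 || opts[off + 1] > len - off - 2)
                return TLV_TRUNC;           /* TLV runs past the header */
            tlv_len = 2 + (size_t)opts[off + 1];
        }
        if (type <= 1) {                    /* Pad1 or PadN */
            if ((pad += tlv_len) > 7)       /* assumed cap on one padding run */
                return TLV_PAD;
        } else {
            const struct tlv_param *p = &tab[type];  /* direct index by type */
            if (!p->order || !p->align_mult || (!p->user_ok && !privileged))
                return TLV_PERM;
            if (tlv_len - 2 < p->min_len || tlv_len - 2 > p->max_len)
                return TLV_LEN;
            if ((off + 2) % p->align_mult != p->align_off)
                return TLV_ALIGN;
            if (p->order < last)
                return TLV_ORDER;
            last = p->order; pad = 0;
        }
        off += tlv_len;
    }
    return TLV_OK;
}
static const struct tlv_param sample_tab[256] = {   /* constructed values */
    [0x05] = { false, 2, 2, 2, 0, 1 },   /* privileged senders only */
    [0x1e] = { true,  4, 8, 4, 2, 2 },   /* any sender */
};
static const uint8_t opts_user[]  = { 0x1e, 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t opts_alert[] = { 0x05, 2, 0, 0, 0x01, 0 };
```

Types absent from the table have `order == 0` and are rejected outright, so the table acts as an allow-list for what any sender may place in a header.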