From patchwork Thu May 30 21:50:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107945 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 1/6] seg6: Fix TLV definitions Date: Thu, 30 May 2019 14:50:16 -0700 Message-Id: <1559253021-16772-2-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The definitions of TLVs in uapi/linux/seg6.h are incorrect and incomplete. Fix this. TLV constants are defined for PAD1, PADN, and HMAC (the three defined in draft-ietf-6man-segment-routing-header-19). The other TLV are unused and not correct so they are removed. Signed-off-by: Tom Herbert --- include/uapi/linux/seg6.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/seg6.h b/include/uapi/linux/seg6.h index 286e8d6..a69ce16 100644 --- a/include/uapi/linux/seg6.h +++ b/include/uapi/linux/seg6.h 
@@ -38,10 +38,8 @@ struct ipv6_sr_hdr { #define SR6_FLAG1_ALERT (1 << 4) #define SR6_FLAG1_HMAC (1 << 3) -#define SR6_TLV_INGRESS 1 -#define SR6_TLV_EGRESS 2 -#define SR6_TLV_OPAQUE 3 -#define SR6_TLV_PADDING 4 +#define SR6_TLV_PAD1 0 +#define SR6_TLV_PADDING 1 #define SR6_TLV_HMAC 5 #define sr_has_hmac(srh) ((srh)->flags & SR6_FLAG1_HMAC) From patchwork Thu May 30 21:50:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107941 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="sMO1fe7n"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45FLxm5gJRz9sBb for ; Fri, 31 May 2019 07:56:12 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726694AbfE3V4L (ORCPT ); Thu, 30 May 2019 17:56:11 -0400 Received: from mail-it1-f195.google.com ([209.85.166.195]:51614 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726326AbfE3V4L (ORCPT ); Thu, 30 May 2019 17:56:11 -0400 Received: by mail-it1-f195.google.com with SMTP id m3so12535637itl.1 for ; Thu, 30 May 2019 14:56:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; 
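Review bot: In the include/uapi/linux/seg6.h hunk, SR6_TLV_PADDING keeps its name but changes value from 4 to 1, and SR6_TLV_INGRESS, SR6_TLV_EGRESS and SR6_TLV_OPAQUE are deleted from a uapi header. Userspace that references the removed names stops compiling, and binaries built against the old header keep emitting type 4 for padding, which this header no longer defines. The commit message should say explicitly that this is an intended ABI change. Since the message itself calls the TLV PADN, consider naming the constant SR6_TLV_PADN so that the old name cannot be reused with a different meaning.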
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 2/6] seg6: Implement a TLV parsing loop Date: Thu, 30 May 2019 14:50:17 -0700 Message-Id: <1559253021-16772-3-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Implement a TLV parsing loop for segment routing. The code is uniform with other instances of TLV parsing loops in the stack (e.g. parsing of Hop-by-Hop and Destination Options). seg_validate_srh calls this function. Note, this fixes a bug in the original parsing code that PAD1 was not supported. Signed-off-by: Tom Herbert --- include/net/seg6.h | 6 ++++++ net/ipv6/seg6.c | 60 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 40 insertions(+), 26 deletions(-) diff --git a/include/net/seg6.h b/include/net/seg6.h index 8b2dc68..563d4a6 100644 --- a/include/net/seg6.h +++ b/include/net/seg6.h @@ -38,6 +38,11 @@ static inline void update_csum_diff16(struct sk_buff *skb, __be32 *from, skb->csum = ~csum_partial((char *)diff, sizeof(diff), ~skb->csum); } +static inline unsigned int seg6_tlv_offset(struct ipv6_sr_hdr *srh) +{ + return sizeof(*srh) + ((srh->first_segment + 1) << 4); +} + struct seg6_pernet_data { struct mutex lock; struct in6_addr __rcu *tun_src; @@ -62,6 +67,7 @@ extern void seg6_iptunnel_exit(void); extern int seg6_local_init(void); extern void seg6_local_exit(void); +extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh); extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len); extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto); diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index 0c5479e..e461357 100644 --- a/net/ipv6/seg6.c 
+++ b/net/ipv6/seg6.c 
@@ -30,44 +30,52 @@ #include #endif -bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) +bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) { - int trailing; - unsigned int tlv_offset; + int len = ipv6_optlen((struct ipv6_opt_hdr *)srh); + unsigned char *opt = (unsigned char *)srh; + unsigned int off; - if (srh->type != IPV6_SRCRT_TYPE_4) - return false; + off = seg6_tlv_offset(srh); + len -= off; - if (((srh->hdrlen + 1) << 3) != len) - return false; + while (len > 0) { + struct sr6_tlv *tlv; + unsigned int optlen; - if (srh->segments_left > srh->first_segment) - return false; + switch (opt[off]) { + case SR6_TLV_PAD1: + optlen = 1; + break; + default: + if (len < sizeof(*tlv)) + return false; - tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4); + tlv = (struct sr6_tlv *)&opt[off]; + optlen = sizeof(*tlv) + tlv->len; - trailing = len - tlv_offset; - if (trailing < 0) - return false; + break; + } - while (trailing) { - struct sr6_tlv *tlv; - unsigned int tlv_len; + off += optlen; + len -= optlen; + } - if (trailing < sizeof(*tlv)) - return false; + return !len; +} - tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset); - tlv_len = sizeof(*tlv) + tlv->len; +bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) +{ + if (srh->type != IPV6_SRCRT_TYPE_4) + return false; - trailing -= tlv_len; - if (trailing < 0) - return false; + if (ipv6_optlen((struct ipv6_opt_hdr *)srh) != len) + return false; - tlv_offset += tlv_len; - } + if (srh->segments_left > srh->first_segment) + return false; - return true; + return __seg6_parse_srh(srh); } static struct genl_family seg6_genl_family; From patchwork Thu May 30 21:50:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107947 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: 
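Review bot: In __seg6_parse_srh() in net/ipv6/seg6.c, the overrun check is implicit and depends on mixed signed and unsigned arithmetic: `len` is int, `off` and `optlen` are unsigned int, and `len -= off` and `len -= optlen` are expected to go negative so that `while (len > 0)` stops and `return !len` fails. That works, but it replaces the explicit `trailing < 0` tests of the old loop; an explicit check that `optlen` does not exceed the remaining `len` before advancing, and that `off` does not exceed `len` before the loop, would make the failure case obvious to the next reader. The function is also exported now and takes its length from `ipv6_optlen()` on the header itself, so it trusts `srh->hdrlen`; only seg6_validate_srh() compares that value with the caller's `len`. Please add a comment stating that callers must already have validated the SRH against the real buffer length.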
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 3/6] seg6: Remove HMAC flag and implement seg6_find_hmac_tlv Date: Thu, 30 May 2019 14:50:18 -0700 Message-Id: <1559253021-16772-4-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The HMAC flag is no longer defined in the SRH specification. Remove it and any uses of it. This includes removal of sr_has_hmac. We replace this function with seg6_find_hmac_tlv. That function parses (via __seg6_parse_srh) a TLV list and returns the pointer to an HMAC TLV if one exists. The parsing function also eliminates the assumption in seg6_get_tlv_hmac that the HMAC TLV must be the first TLV. 
Signed-off-by: Tom Herbert --- include/net/seg6.h | 12 +++++++++++- include/uapi/linux/seg6.h | 3 --- net/ipv6/exthdrs.c | 2 +- net/ipv6/seg6.c | 12 ++++++++++-- net/ipv6/seg6_hmac.c | 8 +++----- net/ipv6/seg6_iptunnel.c | 4 ++-- 6 files changed, 27 insertions(+), 14 deletions(-) diff --git a/include/net/seg6.h b/include/net/seg6.h index 563d4a6..47e7c90 100644 --- a/include/net/seg6.h +++ b/include/net/seg6.h @@ -17,6 +17,7 @@ #include #include #include +#include #include static inline void update_csum_diff4(struct sk_buff *skb, __be32 from, @@ -67,11 +68,20 @@ extern void seg6_iptunnel_exit(void); extern int seg6_local_init(void); extern void seg6_local_exit(void); -extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh); +extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh, + struct sr6_tlv_hmac **hmacp); extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len); extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto); extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh); extern int seg6_lookup_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, u32 tbl_id); + +static inline struct sr6_tlv_hmac *seg6_find_hmac_tlv(struct ipv6_sr_hdr *srh) +{ + struct sr6_tlv_hmac *hmacp = NULL; + + return __seg6_parse_srh(srh, &hmacp) ? hmacp : NULL; +} + #endif diff --git a/include/uapi/linux/seg6.h b/include/uapi/linux/seg6.h index a69ce16..ca14df4 100644 --- a/include/uapi/linux/seg6.h +++ b/include/uapi/linux/seg6.h @@ -36,14 +36,11 @@ struct ipv6_sr_hdr { #define SR6_FLAG1_PROTECTED (1 << 6) #define SR6_FLAG1_OAM (1 << 5) #define SR6_FLAG1_ALERT (1 << 4) -#define SR6_FLAG1_HMAC (1 << 3) #define SR6_TLV_PAD1 0 #define SR6_TLV_PADDING 1 #define SR6_TLV_HMAC 5 -#define sr_has_hmac(srh) ((srh)->flags & SR6_FLAG1_HMAC) - struct sr6_tlv { __u8 type; __u8 len; diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 20291c2..112e2fd 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c 
@@ -922,7 +922,7 @@ static void ipv6_push_rthdr4(struct sk_buff *skb, u8 *proto, } #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(sr_phdr)) { + if (seg6_find_hmac_tlv(sr_phdr)) { struct net *net = NULL; if (skb->dev) diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index e461357..1e782a6 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -30,7 +30,7 @@ #include #endif -bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) +bool __seg6_parse_srh(struct ipv6_sr_hdr *srh, struct sr6_tlv_hmac **hmacp) { int len = ipv6_optlen((struct ipv6_opt_hdr *)srh); unsigned char *opt = (unsigned char *)srh; @@ -39,6 +39,8 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) off = seg6_tlv_offset(srh); len -= off; + *hmacp = NULL; + while (len > 0) { struct sr6_tlv *tlv; unsigned int optlen; @@ -47,6 +49,10 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) case SR6_TLV_PAD1: optlen = 1; break; + case SR6_TLV_HMAC: + if (!*hmacp) + *hmacp = (struct sr6_tlv_hmac *)&opt[off]; + /* Fall through */ default: if (len < sizeof(*tlv)) return false; @@ -66,6 +72,8 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) { + struct sr6_tlv_hmac *hmacp; + if (srh->type != IPV6_SRCRT_TYPE_4) return false; @@ -75,7 +83,7 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) if (srh->segments_left > srh->first_segment) return false; - return __seg6_parse_srh(srh); + return __seg6_parse_srh(srh, &hmacp); } static struct genl_family seg6_genl_family; diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index 8546f94..92b398c 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c 
@@ -95,13 +95,11 @@ static struct sr6_tlv_hmac *seg6_get_tlv_hmac(struct ipv6_sr_hdr *srh) if (srh->hdrlen < (srh->first_segment + 1) * 2 + 5) return NULL; - if (!sr_has_hmac(srh)) + tlv = seg6_find_hmac_tlv(srh); + if (!tlv) return NULL; - tlv = (struct sr6_tlv_hmac *) - ((char *)srh + ((srh->hdrlen + 1) << 3) - 40); - - if (tlv->tlvhdr.type != SR6_TLV_HMAC || tlv->tlvhdr.len != 38) + if (tlv->tlvhdr.len != sizeof(*tlv) - 2) return NULL; return tlv; diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c index 7a525fd..5344bee 100644 --- a/net/ipv6/seg6_iptunnel.c +++ b/net/ipv6/seg6_iptunnel.c @@ -161,7 +161,7 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr); #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(isrh)) { + if (seg6_find_hmac_tlv(isrh)) { err = seg6_push_hmac(net, &hdr->saddr, isrh); if (unlikely(err)) return err; 
@@ -211,7 +211,7 @@ int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh) hdr->daddr = isrh->segments[isrh->first_segment]; #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(isrh)) { + if (seg6_find_hmac_tlv(isrh)) { struct net *net = dev_net(skb_dst(skb)->dev); err = seg6_push_hmac(net, &hdr->saddr, isrh); From patchwork Thu May 30 21:50:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107943 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="GqemEd2X"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45FLyW2R61z9sBb for ; Fri, 31 May 2019 07:56:51 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726587AbfE3V4u (ORCPT ); Thu, 30 May 2019 17:56:50 -0400 Received: from mail-io1-f65.google.com ([209.85.166.65]:41267 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726308AbfE3V4u (ORCPT ); Thu, 30 May 2019 17:56:50 -0400 Received: by mail-io1-f65.google.com with SMTP id w25so6424488ioc.8 for ; Thu, 30 May 2019 14:56:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; 
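Review bot: In the SR6_TLV_HMAC case added to __seg6_parse_srh(), the pointer is stored as `struct sr6_tlv_hmac *` before anything checks that the TLV is that large, and the `tlvhdr.len != sizeof(*tlv) - 2` test exists only in seg6_get_tlv_hmac(). The three converted call sites (ipv6_push_rthdr4, seg6_do_srh_encap, seg6_do_srh_inline) use seg6_find_hmac_tlv() as a boolean, so they now take the HMAC path for any TLV of type 5 whatever its length; moving the length check into seg6_find_hmac_tlv() would keep the two views consistent. Only the first HMAC TLV is recorded (`if (!*hmacp)`), so please decide, and document, whether a second HMAC TLV should fail the parse instead of being ignored. Two further points: each of these call sites now walks the whole TLV list where the old code tested one flag bit, and removing SR6_FLAG1_HMAC and sr_has_hmac from include/uapi/linux/seg6.h breaks userspace that still references them, which the commit message should mention.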
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 4/6] ah6: Create function __zero_out_mutable_opts Date: Thu, 30 May 2019 14:50:19 -0700 Message-Id: <1559253021-16772-5-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This is an adaptation of zero_out_mutable_opts that takes three additional arguments: offset of the TLVs, a mask to locate the mutable bit in the TLV type, and the type value for single byte padding. zero_out_mutable_opts calls the new function and sets the arguments appropriate to Hop-by-Hop and Destination Options. The function will be used to support zeroing out mutable SRH TLVs' data with the appropriate arguments for SRH TLVs. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 68b9e92..1e80157 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c 
@@ -102,32 +102,28 @@ static inline struct scatterlist *ah_req_sg(struct crypto_ahash *ahash, __alignof__(struct scatterlist)); } -static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) +static bool __zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr, int off, + unsigned char mut_bit, unsigned char pad1) { u8 *opt = (u8 *)opthdr; int len = ipv6_optlen(opthdr); - int off = 0; int optlen = 0; - off += 2; - len -= 2; + len -= off; while (len > 0) { - - switch (opt[off]) { - - case IPV6_TLV_PAD1: + if (opt[off] == pad1) { optlen = 1; - break; - default: + } else { if (len < 2) goto bad; - optlen = opt[off+1]+2; + + optlen = opt[off + 1] + 2; if (len < optlen) goto bad; - if (opt[off] & 0x20) - memset(&opt[off+2], 0, opt[off+1]); - break; + + if (opt[off] & mut_bit) + memset(&opt[off + 2], 0, opt[off + 1]); } off += optlen; 
@@ -140,6 +136,11 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) return false; } +static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) +{ + return __zero_out_mutable_opts(opthdr, 2, 0x20, IPV6_TLV_PAD1); +} + #if IS_ENABLED(CONFIG_IPV6_MIP6) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header From patchwork Thu May 30 21:50:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107944 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="AcNZX+li"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45FLzc6gfbz9s3l for ; Fri, 31 May 2019 07:57:48 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726666AbfE3V5r (ORCPT ); Thu, 30 May 2019 17:57:47 -0400 Received: from mail-it1-f196.google.com ([209.85.166.196]:53423 "EHLO mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726489AbfE3V5q (ORCPT ); Thu, 30 May 2019 17:57:46 -0400 Received: by mail-it1-f196.google.com with SMTP id m141so12534073ita.3 for ; Thu, 30 May 2019 14:57:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; 
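Review bot: The new parameters of __zero_out_mutable_opts() are undocumented and the wrapper passes bare constants, `__zero_out_mutable_opts(opthdr, 2, 0x20, IPV6_TLV_PAD1)`. Please add a short comment describing `off`, `mut_bit` and `pad1`, and give 2 and 0x20 names, since the commit message describes the second one as a mask while the parameter is called `mut_bit`. The function also does `len -= off` with a caller-supplied `off` and no check that `off` is within `ipv6_optlen(opthdr)`; that is safe for the fixed value 2, but the stated purpose is to reuse this for SRH TLVs with a computed offset, so an explicit bounds check belongs here. The switch to if/else rewrite is unrelated to adding the parameters and would be easier to review as a separate change.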
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 5/6] ah6: Be explicit about which routing types are processed. Date: Thu, 30 May 2019 14:50:20 -0700 Message-Id: <1559253021-16772-6-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The current code assumes that all routing headers can be processed as type 0 when rearranging the routing header for AH verification. Change this to be explicit. Type 0 and type 2 are supported and are processed the same way with regards to AH. Also check if rearranging routing header fails. Update reference in comment to more current RFC. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 1e80157..032491c 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -145,7 +145,7 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header * @iph: IPv6 header - * @destopt: destionation options header + * @destopt: destination options header */ static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *destopt) { 
@@ -204,15 +204,16 @@ static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *des #endif /** - * ipv6_rearrange_rthdr - rearrange IPv6 routing header + * ipv6_rearrange_type0_rthdr - rearrange type 0 IPv6 routing header * @iph: IPv6 header * @rthdr: routing header * * Rearrange the destination address in @iph and the addresses in @rthdr * so that they appear in the order they will at the final destination. - * See Appendix A2 of RFC 2402 for details. + * See Appendix A2 of RFC 4302 for details. */ -static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) +static bool ipv6_rearrange_type0_rthdr(struct ipv6hdr *iph, + struct ipv6_rt_hdr *rthdr) { int segments, segments_left; struct in6_addr *addrs; @@ -220,15 +221,13 @@ static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) segments_left = rthdr->segments_left; if (segments_left == 0) - return; + return true; rthdr->segments_left = 0; /* The value of rthdr->hdrlen has been verified either by the system * call if it is locally generated, or by ipv6_rthdr_rcv() for incoming * packets. So we can assume that it is even and that segments is * greater than or equal to segments_left. - * - * For the same reason we can assume that this option is of type 0. */ segments = rthdr->hdrlen >> 1; 
@@ -240,6 +239,24 @@ static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) addrs[0] = iph->daddr; iph->daddr = final_addr; + + return true; +} + +static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) +{ + switch (rthdr->type) { + case IPV6_SRCRT_TYPE_2: + /* Simplified format of type 0 so same processing */ + /* fallthrough */ + case IPV6_SRCRT_TYPE_0: /* Deprecated */ + return ipv6_rearrange_type0_rthdr(iph, rthdr); + default: + /* Bad or unidentified routing header, we don't know how + * to fix this header for security purposes. Return failure. + */ + return false; + } } static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len, int dir) 
@@ -271,7 +288,11 @@ static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len, int dir) break; case NEXTHDR_ROUTING: - ipv6_rearrange_rthdr(iph, exthdr.rth); + if (!ipv6_rearrange_rthdr(iph, exthdr.rth)) { + net_dbg_ratelimited("bad routing header\n"); + return -EINVAL; + } + break; default: From patchwork Thu May 30 21:50:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1107948 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="eWLAcZ9o"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45FM0k6d4Tz9s3l for ; Fri, 31 May 2019 07:58:46 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726723AbfE3V6p (ORCPT ); Thu, 30 May 2019 17:58:45 -0400 Received: from mail-it1-f194.google.com ([209.85.166.194]:51023 "EHLO mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726535AbfE3V6p (ORCPT ); Thu, 30 May 2019 17:58:45 -0400 Received: by mail-it1-f194.google.com with SMTP id a186so12566455itg.0 for ; Thu, 30 May 2019 14:58:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3fARnAA4saHrsr4JO3DkGH7joPaWQTWPgsS0UFtWefI=; 
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com Cc: Tom Herbert Subject: [PATCH net-next 6/6] seg6: Add support to rearrange SRH for AH ICV calculation Date: Thu, 30 May 2019 14:50:21 -0700 Message-Id: <1559253021-16772-7-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559253021-16772-1-git-send-email-tom@quantonium.net> References: <1559253021-16772-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Mutable fields related to segment routing are: destination address, segments left, and modifiable TLVs (those whose high order bit is set). Add support to rearrange a segment routing (type 4) routing header to handle these mutability requirements. This is described in draft-herbert-ipv6-srh-ah-00. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 032491c..0c5ca29 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #define IPV6HDR_BASELEN 8 @@ -141,6 +142,13 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) return __zero_out_mutable_opts(opthdr, 2, 0x20, IPV6_TLV_PAD1); } +static bool zero_out_mutable_srh_opts(struct ipv6_sr_hdr *srh) +{ + return __zero_out_mutable_opts((struct ipv6_opt_hdr *)srh, + seg6_tlv_offset(srh), 0x80, + SR6_TLV_PAD1); +} + #if IS_ENABLED(CONFIG_IPV6_MIP6) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header 
@@ -243,6 +251,20 @@ static bool ipv6_rearrange_type0_rthdr(struct ipv6hdr *iph, return true; } +static bool ipv6_rearrange_type4_rthdr(struct ipv6hdr *iph, + struct ipv6_rt_hdr *rthdr) +{ + struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)rthdr; + + if (!zero_out_mutable_srh_opts(srh)) + return false; + + rthdr->segments_left = 0; + iph->daddr = srh->segments[0]; + + return true; +} + static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) { switch (rthdr->type) { @@ -251,6 +273,8 @@ static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) /* fallthrough */ case IPV6_SRCRT_TYPE_0: /* Deprecated */ return ipv6_rearrange_type0_rthdr(iph, rthdr); + case IPV6_SRCRT_TYPE_4: + return ipv6_rearrange_type4_rthdr(iph, rthdr); default: /* Bad or unidentified routing header, we don't know how * to fix this header for security purposes. Return failure.
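Review bot: in 5/6, ipv6_rearrange_type0_rthdr() is changed to return bool, but both of its exits (the segments_left == 0 early return and the end of the function) return true, so the new failure check in the caller can never trigger for type 0 or type 2. Either keep the helper void and have ipv6_rearrange_rthdr() return true after calling it, or make the result meaningful by actually checking what the retained comment only assumes (hdrlen even, segments greater than or equal to segments_left) and returning false otherwise. The deleted sentence about assuming type 0 would be better replaced than dropped, for example by noting that the dispatcher only calls this helper for types 0 and 2.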
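Review bot: in 5/6, the default case of the new ipv6_rearrange_rthdr() switch is a behaviour change that the commit message does not spell out: routing types other than 0 and 2 used to be rearranged as type 0, and now make ipv6_clear_mutable_options() return -EINVAL. Please say so in the changelog, and since that function takes a dir argument, state whether rejecting such packets is intended in both directions.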
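Review bot: in 5/6, the net_dbg_ratelimited("bad routing header\n") added under case NEXTHDR_ROUTING does not say which type was rejected, and "bad" is misleading because the default case also catches well-formed headers of a type this code simply does not handle. Printing the type, for example "unsupported routing header type %u\n" with exthdr.rth->type, would make the message usable when debugging dropped AH traffic.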
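Review bot: in 6/6, zero_out_mutable_srh_opts() passes seg6_tlv_offset(srh) as the starting offset with no check visible in this hunk that the offset lies inside the header. If __zero_out_mutable_opts() does not itself reject a start offset beyond the header length, the walk begins past the end of the SRH; either bound it here or add a comment naming the earlier validation being relied on, as the type 0 helper's comment does. The cast to struct ipv6_opt_hdr * also deserves a one-line comment that it depends on both structures starting with nexthdr and hdrlen.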
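Review bot: in 6/6, ipv6_rearrange_type4_rthdr() reads srh->segments[0] and overwrites iph->daddr unconditionally, with nothing in this hunk guaranteeing that the header holds at least one segment and no segments_left == 0 early return like the one in ipv6_rearrange_type0_rthdr(). Please either check that hdrlen covers segments[0] and return false if it does not, or add a comment stating which earlier validation makes the access safe for both locally generated and received packets. A kernel-doc block matching the one on the type 0 helper, listing the three mutable fields from the commit message, would also help.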