* [PATCH iproute2 net-next 0/3] Add support for IPv6 Segment Routing
@ 2017-04-14 12:36 David Lebrun
  2017-04-14 12:36 ` [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures David Lebrun
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: David Lebrun @ 2017-04-14 12:36 UTC (permalink / raw)
  To: netdev; +Cc: David Lebrun

This patch series adds support and documentation in iproute2 for
encapsulation with IPv6 SR, and for control of HMAC mappings.

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>

David Lebrun (3):
  ip: add ip sr command to control SR-IPv6 internal structures
  iproute: add support for SR-IPv6 lwtunnel encapsulation
  man: add documentation for IPv6 SR commands

 ip/Makefile            |   2 +-
 ip/ip.c                |   3 +-
 ip/ip_common.h         |   1 +
 ip/iproute.c           |   6 +-
 ip/iproute_lwtunnel.c  | 154 ++++++++++++++++++++++++++++++++
 ip/ipseg6.c            | 238 +++++++++++++++++++++++++++++++++++++++++++++++++
 man/man8/ip-route.8.in |  39 +++++++-
 man/man8/ip-sr.8       |  58 ++++++++++++
 8 files changed, 495 insertions(+), 6 deletions(-)
 create mode 100644 ip/ipseg6.c
 create mode 100644 man/man8/ip-sr.8

-- 
2.10.2


* [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures
  2017-04-14 12:36 [PATCH iproute2 net-next 0/3] Add support for IPv6 Segment Routing David Lebrun
@ 2017-04-14 12:36 ` David Lebrun
  2017-04-14 22:45   ` Stephen Hemminger
  2017-04-14 12:36 ` [PATCH iproute2 net-next 2/3] iproute: add support for SR-IPv6 lwtunnel encapsulation David Lebrun
  2017-04-14 12:36 ` [PATCH iproute2 net-next 3/3] man: add documentation for IPv6 SR commands David Lebrun
  2 siblings, 1 reply; 6+ messages in thread
From: David Lebrun @ 2017-04-14 12:36 UTC (permalink / raw)
  To: netdev; +Cc: David Lebrun

This patch adds commands to support the tunnel source properties
("ip sr tunsrc") and the HMAC key -> secret, algorithm binding
("ip sr hmac").

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
---
 ip/Makefile    |   2 +-
 ip/ip.c        |   3 +-
 ip/ip_common.h |   1 +
 ip/ipseg6.c    | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 242 insertions(+), 2 deletions(-)
 create mode 100644 ip/ipseg6.c

diff --git a/ip/Makefile b/ip/Makefile
index 035d42c..e08c170 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -9,7 +9,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
     link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
     iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
     iplink_geneve.o iplink_vrf.o iproute_lwtunnel.o ipmacsec.o ipila.o \
-    ipvrf.o iplink_xstats.o
+    ipvrf.o iplink_xstats.o ipseg6.o
 
 RTMONOBJ=rtmon.o
 
diff --git a/ip/ip.c b/ip/ip.c
index 07050b0..7c14a8e 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -52,7 +52,7 @@ static void usage(void)
 "where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n"
 "                   tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n"
 "                   netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |\n"
-"                   vrf }\n"
+"                   vrf | sr }\n"
 "       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n"
 "                    -h[uman-readable] | -iec |\n"
 "                    -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |\n"
@@ -101,6 +101,7 @@ static const struct cmd {
 	{ "netns",	do_netns },
 	{ "netconf",	do_ipnetconf },
 	{ "vrf",	do_ipvrf},
+	{ "sr",		do_seg6 },
 	{ "help",	do_help },
 	{ 0 }
 };
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 5a39623..202fc39 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -60,6 +60,7 @@ int do_iptoken(int argc, char **argv);
 int do_ipvrf(int argc, char **argv);
 void vrf_reset(void);
 int netns_identify_pid(const char *pidstr, char *name, int len);
+int do_seg6(int argc, char **argv);
 
 int iplink_get(unsigned int flags, char *name, __u32 filt_mask);
 int iplink_ifla_xstats(int argc, char **argv);
diff --git a/ip/ipseg6.c b/ip/ipseg6.c
new file mode 100644
index 0000000..0d4130e
--- /dev/null
+++ b/ip/ipseg6.c
@@ -0,0 +1,238 @@
+/*
+ * seg6.c "ip sr/seg6"
+ *
+ *	  This program is free software; you can redistribute it and/or
+ *	  modify it under the terms of the GNU General Public License
+ *	  version 2 as published by the Free Software Foundation;
+ *
+ * Author: David Lebrun <david.lebrun@uclouvain.be>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <sys/ioctl.h>
+#include <linux/if.h>
+
+#include <linux/genetlink.h>
+#include <linux/seg6_genl.h>
+#include <linux/seg6_hmac.h>
+
+#include "utils.h"
+#include "ip_common.h"
+#include "libgenl.h"
+
+#define HMAC_KEY_PROMPT "Enter secret for HMAC key ID (blank to delete): "
+
+static void usage(void)
+{
+	fprintf(stderr, "Usage: ip sr { COMMAND | help }\n");
+	fprintf(stderr, "	   ip sr hmac show\n");
+	fprintf(stderr, "	   ip sr hmac set KEYID ALGO\n");
+	fprintf(stderr, "	   ip sr tunsrc show\n");
+	fprintf(stderr, "	   ip sr tunsrc set ADDRESS\n");
+	fprintf(stderr, "where  ALGO := { sha1 | sha256 }\n");
+	exit(-1);
+}
+
+static struct rtnl_handle grth = { .fd = -1 };
+static int genl_family = -1;
+
+#define SEG6_REQUEST(_req, _bufsiz, _cmd, _flags) \
+	GENL_REQUEST(_req, _bufsiz, genl_family, 0, \
+				SEG6_GENL_VERSION, _cmd, _flags)
+
+static struct {
+	int cmd;
+	struct in6_addr addr;
+	__u32 keyid;
+	char *pass;
+	__u8 alg_id;
+} opts;
+
+static int process_msg(const struct sockaddr_nl *who, struct nlmsghdr *n,
+		       void *arg)
+{
+	struct rtattr *attrs[SEG6_ATTR_MAX + 1];
+	struct genlmsghdr *ghdr;
+	FILE *fp = (FILE *)arg;
+	int len = n->nlmsg_len;
+
+	if (n->nlmsg_type != genl_family)
+		return -1;
+
+	len -= NLMSG_LENGTH(GENL_HDRLEN);
+	if (len < 0)
+		return -1;
+
+	ghdr = NLMSG_DATA(n);
+
+	parse_rtattr(attrs, SEG6_ATTR_MAX, (void *)ghdr + GENL_HDRLEN, len);
+
+	switch (ghdr->cmd) {
+	case SEG6_CMD_DUMPHMAC:
+	{
+		char secret[64];
+		char *algstr;
+		__u8 slen = rta_getattr_u8(attrs[SEG6_ATTR_SECRETLEN]);
+		__u8 alg_id = rta_getattr_u8(attrs[SEG6_ATTR_ALGID]);
+
+		memset(secret, 0, 64);
+
+		if (slen > 63) {
+			fprintf(stderr, "HMAC secret length %d > 63, "
+					"truncated\n", slen);
+			slen = 63;
+		}
+		memcpy(secret, RTA_DATA(attrs[SEG6_ATTR_SECRET]), slen);
+
+		switch (alg_id) {
+		case SEG6_HMAC_ALGO_SHA1:
+			algstr = "sha1";
+			break;
+		case SEG6_HMAC_ALGO_SHA256:
+			algstr = "sha256";
+			break;
+		default:
+			algstr = "<unknown>";
+		}
+
+		fprintf(fp, "hmac %u ",
+			rta_getattr_u32(attrs[SEG6_ATTR_HMACKEYID]));
+		fprintf(fp, "algo %s ", algstr);
+		fprintf(fp, "secret \"%s\" ", secret);
+
+		fprintf(fp, "\n");
+		break;
+	}
+	case SEG6_CMD_GET_TUNSRC:
+	{
+		fprintf(fp, "tunsrc addr %s\n",
+			rt_addr_n2a(AF_INET6, 16,
+				    RTA_DATA(attrs[SEG6_ATTR_DST])));
+		break;
+	}
+	}
+
+	return 0;
+}
+
+static int seg6_do_cmd(void)
+{
+	SEG6_REQUEST(req, 1024, opts.cmd, NLM_F_REQUEST);
+	int repl = 0, dump = 0;
+
+	if (genl_family < 0) {
+		if (rtnl_open_byproto(&grth, 0, NETLINK_GENERIC) < 0) {
+			fprintf(stderr, "Cannot open generic netlink socket\n");
+			exit(1);
+		}
+		genl_family = genl_resolve_family(&grth, SEG6_GENL_NAME);
+		if (genl_family < 0)
+			exit(1);
+		req.n.nlmsg_type = genl_family;
+	}
+
+	switch (opts.cmd) {
+	case SEG6_CMD_SETHMAC:
+	{
+		addattr32(&req.n, sizeof(req), SEG6_ATTR_HMACKEYID, opts.keyid);
+		addattr8(&req.n, sizeof(req), SEG6_ATTR_SECRETLEN,
+			 strlen(opts.pass));
+		addattr8(&req.n, sizeof(req), SEG6_ATTR_ALGID, opts.alg_id);
+		if (strlen(opts.pass))
+			addattr_l(&req.n, sizeof(req), SEG6_ATTR_SECRET,
+				  opts.pass, strlen(opts.pass));
+		break;
+	}
+	case SEG6_CMD_SET_TUNSRC:
+		addattr_l(&req.n, sizeof(req), SEG6_ATTR_DST, &opts.addr,
+			  sizeof(struct in6_addr));
+		break;
+	case SEG6_CMD_DUMPHMAC:
+		dump = 1;
+		break;
+	case SEG6_CMD_GET_TUNSRC:
+		repl = 1;
+		break;
+	}
+
+	if (!repl && !dump) {
+		if (rtnl_talk(&grth, &req.n, NULL, 0) < 0)
+			return -1;
+	} else if (repl) {
+		if (rtnl_talk(&grth, &req.n, &req.n, sizeof(req)) < 0)
+			return -2;
+		if (process_msg(NULL, &req.n, stdout) < 0) {
+			fprintf(stderr, "Error parsing reply\n");
+			exit(1);
+		}
+	} else {
+		req.n.nlmsg_flags |= NLM_F_DUMP;
+		req.n.nlmsg_seq = grth.dump = ++grth.seq;
+		if (rtnl_send(&grth, &req, req.n.nlmsg_len) < 0) {
+			perror("Failed to send dump request");
+			exit(1);
+		}
+
+		if (rtnl_dump_filter(&grth, process_msg, stdout) < 0) {
+			fprintf(stderr, "Dump terminated\n");
+			exit(1);
+		}
+	}
+
+	return 0;
+}
+
+int do_seg6(int argc, char **argv)
+{
+	if (argc < 1 || matches(*argv, "help") == 0)
+		usage();
+
+	memset(&opts, 0, sizeof(opts));
+
+	if (matches(*argv, "hmac") == 0) {
+		NEXT_ARG();
+		if (matches(*argv, "show") == 0) {
+			opts.cmd = SEG6_CMD_DUMPHMAC;
+		} else if (matches(*argv, "set") == 0) {
+			NEXT_ARG();
+			if (get_u32(&opts.keyid, *argv, 0) || opts.keyid == 0)
+				invarg("hmac KEYID value is invalid", *argv);
+			NEXT_ARG();
+			if (strcmp(*argv, "sha1") == 0) {
+				opts.alg_id = SEG6_HMAC_ALGO_SHA1;
+			} else if (strcmp(*argv, "sha256") == 0) {
+				opts.alg_id = SEG6_HMAC_ALGO_SHA256;
+			} else {
+				invarg("hmac ALGO value is invalid", *argv);
+			}
+			opts.cmd = SEG6_CMD_SETHMAC;
+			opts.pass = getpass(HMAC_KEY_PROMPT);
+		} else {
+			invarg("unknown", *argv);
+		}
+	} else if (matches(*argv, "tunsrc") == 0) {
+		NEXT_ARG();
+		if (matches(*argv, "show") == 0) {
+			opts.cmd = SEG6_CMD_GET_TUNSRC;
+		} else if (matches(*argv, "set") == 0) {
+			NEXT_ARG();
+			opts.cmd = SEG6_CMD_SET_TUNSRC;
+			if (!inet_get_addr(*argv, NULL, &opts.addr))
+				invarg("tunsrc ADDRESS value is invalid",
+				       *argv);
+		} else {
+			invarg("unknown", *argv);
+		}
+	} else {
+		invarg("unknown", *argv);
+	}
+
+	return seg6_do_cmd();
+}
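Review bot: In seg6_do_cmd's `SEG6_CMD_SETHMAC` case, `strlen(opts.pass)` runs on the unchecked result of `getpass()`, which returns NULL on failure, and the length is then narrowed to 8 bits by `addattr8`, so a 256-byte passphrase would be announced with SECRETLEN 0 (the value the prompt associates with deleting the key) while the full secret is still attached. The length should be validated once before any attribute is added; the fence uses `SEG6_HMAC_SECRET_LEN` from linux/seg6_hmac.h as the bound, which should be confirmed against the kernel side. Separately, process_msg dereferences `attrs[SEG6_ATTR_SECRETLEN]`, `attrs[SEG6_ATTR_SECRET]` and the other attributes without testing them for NULL and copies `slen` bytes without comparing it with `RTA_PAYLOAD`. `ip sr hmac show` also writes the secret in clear text to stdout, which deserves at least a comment and a mention in the man page.

```c
	case SEG6_CMD_SETHMAC:
	{
		size_t plen;

		if (!opts.pass) {
			fprintf(stderr, "Cannot read HMAC secret\n");
			exit(1);
		}
		plen = strlen(opts.pass);
		if (plen > SEG6_HMAC_SECRET_LEN) {
			fprintf(stderr, "HMAC secret is too long\n");
			exit(1);
		}

		addattr32(&req.n, sizeof(req), SEG6_ATTR_HMACKEYID, opts.keyid);
		addattr8(&req.n, sizeof(req), SEG6_ATTR_SECRETLEN, plen);
		/* … unchanged: SEG6_ATTR_ALGID attribute … */
		if (plen)
			addattr_l(&req.n, sizeof(req), SEG6_ATTR_SECRET,
				  opts.pass, plen);
		break;
	}
```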
-- 
2.10.2


* [PATCH iproute2 net-next 2/3] iproute: add support for SR-IPv6 lwtunnel encapsulation
  2017-04-14 12:36 [PATCH iproute2 net-next 0/3] Add support for IPv6 Segment Routing David Lebrun
  2017-04-14 12:36 ` [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures David Lebrun
@ 2017-04-14 12:36 ` David Lebrun
  2017-04-14 22:46   ` Stephen Hemminger
  2017-04-14 12:36 ` [PATCH iproute2 net-next 3/3] man: add documentation for IPv6 SR commands David Lebrun
  2 siblings, 1 reply; 6+ messages in thread
From: David Lebrun @ 2017-04-14 12:36 UTC (permalink / raw)
  To: netdev; +Cc: David Lebrun

This patch adds support for SEG6 encapsulation type
("ip route add ... encap seg6 ...").

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
---
 ip/iproute.c          |   6 +-
 ip/iproute_lwtunnel.c | 154 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 158 insertions(+), 2 deletions(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index 5e23613..fef4022 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -98,8 +98,10 @@ static void usage(void)
 	fprintf(stderr, "TIME := NUMBER[s|ms]\n");
 	fprintf(stderr, "BOOL := [1|0]\n");
 	fprintf(stderr, "FEATURES := ecn\n");
-	fprintf(stderr, "ENCAPTYPE := [ mpls | ip | ip6 ]\n");
-	fprintf(stderr, "ENCAPHDR := [ MPLSLABEL ]\n");
+	fprintf(stderr, "ENCAPTYPE := [ mpls | ip | ip6 | seg6 ]\n");
+	fprintf(stderr, "ENCAPHDR := [ MPLSLABEL | SEG6HDR ]\n");
+	fprintf(stderr, "SEG6HDR := [ mode SEGMODE ] segs ADDR1,ADDRi,ADDRn [hmac HMACKEYID] [cleanup]\n");
+	fprintf(stderr, "SEGMODE := [ encap | inline ]\n");
 	exit(-1);
 }
 
diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 0fa1cab..85f586a 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -19,6 +19,13 @@
 #include <linux/ila.h>
 #include <linux/lwtunnel.h>
 #include <linux/mpls_iptunnel.h>
+
+#ifndef __USE_KERNEL_IPV6_DEFS
+#define __USE_KERNEL_IPV6_DEFS
+#endif
+#include <linux/seg6.h>
+#include <linux/seg6_iptunnel.h>
+#include <linux/seg6_hmac.h>
 #include <errno.h>
 
 #include "rt_names.h"
@@ -39,6 +46,8 @@ static const char *format_encap_type(int type)
 		return "ila";
 	case LWTUNNEL_ENCAP_BPF:
 		return "bpf";
+	case LWTUNNEL_ENCAP_SEG6:
+		return "seg6";
 	default:
 		return "unknown";
 	}
@@ -69,12 +78,49 @@ static int read_encap_type(const char *name)
 		return LWTUNNEL_ENCAP_ILA;
 	else if (strcmp(name, "bpf") == 0)
 		return LWTUNNEL_ENCAP_BPF;
+	else if (strcmp(name, "seg6") == 0)
+		return LWTUNNEL_ENCAP_SEG6;
 	else if (strcmp(name, "help") == 0)
 		encap_type_usage();
 
 	return LWTUNNEL_ENCAP_NONE;
 }
 
+static void print_encap_seg6(FILE *fp, struct rtattr *encap)
+{
+	struct rtattr *tb[SEG6_IPTUNNEL_MAX+1];
+	struct seg6_iptunnel_encap *tuninfo;
+	struct ipv6_sr_hdr *srh;
+	int i;
+
+	parse_rtattr_nested(tb, SEG6_IPTUNNEL_MAX, encap);
+
+	if (!tb[SEG6_IPTUNNEL_SRH])
+	return;
+
+	tuninfo = RTA_DATA(tb[SEG6_IPTUNNEL_SRH]);
+	fprintf(fp, "mode %s ",
+		(tuninfo->mode == SEG6_IPTUN_MODE_ENCAP) ? "encap" : "inline");
+
+	srh = tuninfo->srh;
+
+	fprintf(fp, "segs %d [ ", srh->first_segment + 1);
+
+	for (i = srh->first_segment; i >= 0; i--)
+		fprintf(fp, "%s ",
+			rt_addr_n2a(AF_INET6, 16, &srh->segments[i]));
+
+	fprintf(fp, "] ");
+
+	if (sr_has_hmac(srh)) {
+		unsigned int offset = ((srh->hdrlen + 1) << 3) - 40;
+		struct sr6_tlv_hmac *tlv;
+
+		tlv = (struct sr6_tlv_hmac *)((char *)srh + offset);
+		fprintf(fp, "hmac 0x%X ", ntohl(tlv->hmackeyid));
+	}
+}
+
 static void print_encap_mpls(FILE *fp, struct rtattr *encap)
 {
 	struct rtattr *tb[MPLS_IPTUNNEL_MAX+1];
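Review bot: print_encap_seg6 indexes `srh->segments[]` and derives the HMAC TLV offset purely from `srh->first_segment` and `srh->hdrlen`, without comparing either with `RTA_PAYLOAD(tb[SEG6_IPTUNNEL_SRH])`, so a short or internally inconsistent attribute makes the printer read past the attribute. The expression `((srh->hdrlen + 1) << 3) - 40` also goes negative and wraps in the `unsigned int` when the header is shorter than 40 bytes. A length check before the first dereference, plus a room check before the TLV is read, keeps the function inside the payload; the fence shows one way to do it.

```c
	size_t payload, srhlen, seglen;

	/* … unchanged: parse_rtattr_nested and the NULL test on tb[SEG6_IPTUNNEL_SRH] … */
	tuninfo = RTA_DATA(tb[SEG6_IPTUNNEL_SRH]);
	payload = (size_t)RTA_PAYLOAD(tb[SEG6_IPTUNNEL_SRH]);
	if (payload < sizeof(*tuninfo) + sizeof(*srh))
		return;

	srh = tuninfo->srh;
	srhlen = ((size_t)srh->hdrlen + 1) << 3;
	seglen = sizeof(*srh) + 16 * ((size_t)srh->first_segment + 1);
	if (srhlen > payload - sizeof(*tuninfo) || seglen > srhlen)
		return;

	/* … unchanged: mode and segment list printing … */
	if (sr_has_hmac(srh) && srhlen - seglen >= 40) {
		struct sr6_tlv_hmac *tlv;

		tlv = (struct sr6_tlv_hmac *)((char *)srh + srhlen - 40);
```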
@@ -238,9 +284,114 @@ void lwt_print_encap(FILE *fp, struct rtattr *encap_type,
 	case LWTUNNEL_ENCAP_BPF:
 		print_encap_bpf(fp, encap);
 		break;
+	case LWTUNNEL_ENCAP_SEG6:
+		print_encap_seg6(fp, encap);
+		break;
 	}
 }
 
+static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp,
+			    char ***argvp)
+{
+	int mode_ok = 0, segs_ok = 0, hmac_ok = 0;
+	struct seg6_iptunnel_encap *tuninfo;
+	struct ipv6_sr_hdr *srh;
+	char **argv = *argvp;
+	char segbuf[1024];
+	int argc = *argcp;
+	int encap = -1;
+	__u32 hmac = 0;
+	int nsegs = 0;
+	int srhlen;
+	char *s;
+	int i;
+
+	while (argc > 0) {
+		if (strcmp(*argv, "mode") == 0) {
+			NEXT_ARG();
+			if (mode_ok++)
+				duparg2("mode", *argv);
+			if (strcmp(*argv, "encap") == 0)
+				encap = 1;
+			else if (strcmp(*argv, "inline") == 0)
+				encap = 0;
+			else
+				invarg("\"mode\" value is invalid\n", *argv);
+		} else if (strcmp(*argv, "segs") == 0) {
+			NEXT_ARG();
+			if (segs_ok++)
+				duparg2("segs", *argv);
+			if (encap == -1)
+				invarg("\"segs\" provided before \"mode\"\n",
+				       *argv);
+
+			strncpy(segbuf, *argv, 1024);
+			segbuf[1023] = 0;
+		} else if (strcmp(*argv, "hmac") == 0) {
+			NEXT_ARG();
+			if (hmac_ok++)
+				duparg2("hmac", *argv);
+			get_u32(&hmac, *argv, 0);
+		} else {
+			break;
+		}
+		argc--; argv++;
+	}
+
+	s = segbuf;
+	for (i = 0; *s; *s++ == ',' ? i++ : *s);
+	nsegs = i + 1;
+
+	if (!encap)
+		nsegs++;
+
+	srhlen = 8 + 16*nsegs;
+
+	if (hmac)
+		srhlen += 40;
+
+	tuninfo = malloc(sizeof(*tuninfo) + srhlen);
+	memset(tuninfo, 0, sizeof(*tuninfo) + srhlen);
+
+	if (encap)
+		tuninfo->mode = SEG6_IPTUN_MODE_ENCAP;
+	else
+		tuninfo->mode = SEG6_IPTUN_MODE_INLINE;
+
+	srh = tuninfo->srh;
+	srh->hdrlen = (srhlen >> 3) - 1;
+	srh->type = 4;
+	srh->segments_left = nsegs - 1;
+	srh->first_segment = nsegs - 1;
+
+	if (hmac)
+		srh->flags |= SR6_FLAG1_HMAC;
+
+	i = srh->first_segment;
+	for (s = strtok(segbuf, ","); s; s = strtok(NULL, ",")) {
+		inet_get_addr(s, NULL, &srh->segments[i]);
+		i--;
+	}
+
+	if (hmac) {
+		struct sr6_tlv_hmac *tlv;
+
+		tlv = (struct sr6_tlv_hmac *)((char *)srh + srhlen - 40);
+		tlv->tlvhdr.type = SR6_TLV_HMAC;
+		tlv->tlvhdr.len = 38;
+		tlv->hmackeyid = htonl(hmac);
+	}
+
+	rta_addattr_l(rta, len, SEG6_IPTUNNEL_SRH, tuninfo,
+		      sizeof(*tuninfo) + srhlen);
+	free(tuninfo);
+
+	*argcp = argc + 1;
+	*argvp = argv - 1;
+
+	return 0;
+}
+
 static int parse_encap_mpls(struct rtattr *rta, size_t len,
 			    int *argcp, char ***argvp)
 {
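Review bot: parse_encap_seg6 reads `segbuf` after the option loop even when no `segs` argument was given, so the comma count and `strtok` run over uninitialised stack bytes; it should fail early, e.g. `if (!segs_ok) missarg("segs");`. The segment count is also never bounded before `srhlen` is folded into `srh->hdrlen` and `srh->first_segment` (8-bit fields, as far as I can tell from struct ipv6_sr_hdr), so a long list can make the fill loop's index `i` drop below zero and write in front of `segments[]`. The results of `malloc`, `inet_get_addr` and `get_u32` are unchecked too, so an invalid address or key ID is silently encoded as zero. The fence sketches the added checks; once the helper can fail, the `LWTUNNEL_ENCAP_SEG6` case in lwt_parse_encap (last hunk) should test its result as the bpf case does. The usage text added in ip/iproute.c also shows `mode` as optional and lists a `cleanup` keyword, while this parser rejects `segs` before `mode` and has no `cleanup` branch.

```c
	if (!segs_ok)
		missarg("segs");

	/* … unchanged: comma count into nsegs, inline-mode increment, srhlen computation … */
	if ((srhlen >> 3) - 1 > 255)
		invarg("\"segs\" list is too long\n", segbuf);

	tuninfo = calloc(1, sizeof(*tuninfo) + srhlen);
	if (!tuninfo)
		return -1;

	/* … unchanged: mode, SRH header fields, HMAC flag … */
	i = srh->first_segment;
	for (s = strtok(segbuf, ","); s; s = strtok(NULL, ",")) {
		if (i < 0 || !inet_get_addr(s, NULL, &srh->segments[i]))
			invarg("\"segs\" address is invalid\n", s);
		i--;
	}
```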
@@ -573,6 +724,9 @@ int lwt_parse_encap(struct rtattr *rta, size_t len, int *argcp, char ***argvp)
 		if (parse_encap_bpf(rta, len, &argc, &argv) < 0)
 			exit(-1);
 		break;
+	case LWTUNNEL_ENCAP_SEG6:
+		parse_encap_seg6(rta, len, &argc, &argv);
+		break;
 	default:
 		fprintf(stderr, "Error: unsupported encap type\n");
 		break;
-- 
2.10.2


* [PATCH iproute2 net-next 3/3] man: add documentation for IPv6 SR commands
  2017-04-14 12:36 [PATCH iproute2 net-next 0/3] Add support for IPv6 Segment Routing David Lebrun
  2017-04-14 12:36 ` [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures David Lebrun
  2017-04-14 12:36 ` [PATCH iproute2 net-next 2/3] iproute: add support for SR-IPv6 lwtunnel encapsulation David Lebrun
@ 2017-04-14 12:36 ` David Lebrun
  2 siblings, 0 replies; 6+ messages in thread
From: David Lebrun @ 2017-04-14 12:36 UTC (permalink / raw)
  To: netdev; +Cc: David Lebrun

This patch adds information about seg6 encapsulation in the ip-route
manual, as well as the ip-sr manual page.

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
---
 man/man8/ip-route.8.in | 39 +++++++++++++++++++++++++++++++--
 man/man8/ip-sr.8       | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100644 man/man8/ip-sr.8

diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in
index d6e0664..d432a33 100644
--- a/man/man8/ip-route.8.in
+++ b/man/man8/ip-route.8.in
@@ -174,7 +174,7 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
 
 .ti -8
 .IR ENCAP " := [ "
-.IR MPLS " | " IP | " BPF " ] "
+.IR MPLS " | " IP " | " BPF " | " SEG6 " ] "
 
 .ti -8
 .IR ENCAP_MPLS " := "
@@ -193,7 +193,6 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
 .B  ttl
 .IR TTL " ]"
 
-
 .ti -8
 .IR ENCAP_BPF " := "
 .BR bpf " [ "
@@ -206,6 +205,16 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
 .B headroom
 .IR SIZE " ]"
 
+.ti -8
+.IR ENCAP_SEG6 " := "
+.B seg6
+.BR mode " [ "
+.BR encap " | " inline " ] "
+.B segs
+.IR SEGMENTS " [ "
+.B hmac
+.IR KEYID " ]"
+
 .SH DESCRIPTION
 .B ip route
 is used to manipulate entries in the kernel routing tables.
@@ -652,6 +661,8 @@ is a string specifying the supported encapsulation type. Namely:
 .BI bpf
 - Execution of BPF program
 .sp
+.BI seg6
+- encapsulation type IPv6 Segment Routing
 
 .in -8
 .I ENCAPHDR
@@ -703,6 +714,25 @@ is a set of encapsulation attributes specific to the
 .in -2
 .sp
 
+.B seg6
+.in +2
+.B mode inline
+- Directly insert Segment Routing Header after IPv6 header
+.sp
+
+.B mode encap
+- Encapsulate packet in an outer IPv6 header with SRH
+.sp
+
+.I SEGMENTS
+- List of comma-separated IPv6 addresses
+.sp
+
+.I KEYID
+- Numerical value in decimal representation. See \fBip-sr\fR(8).
+.in -2
+.sp
+
 .in -8
 
 .TP
@@ -986,6 +1016,11 @@ ip route add 10.1.1.0/30 encap mpls 200/300 via 10.1.1.1 dev eth0
 .RS 4
 Adds an ipv4 route with mpls encapsulation attributes attached to it.
 .RE
+.PP
+ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
+.RS 4
+Adds an IPv6 route with SRv6 encapsulation and two segments attached.
+.RE
 .SH SEE ALSO
 .br
 .BR ip (8)
diff --git a/man/man8/ip-sr.8 b/man/man8/ip-sr.8
new file mode 100644
index 0000000..6be1cc5
--- /dev/null
+++ b/man/man8/ip-sr.8
@@ -0,0 +1,58 @@
+.TH IP\-SR 8 "14 Apr 2017" "iproute2" "Linux"
+.SH "NAME"
+ip-sr \- IPv6 Segment Routing management
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B ip sr
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+.ti -8
+
+.ti -8
+.B ip sr hmac show
+
+.ti -8
+.B ip sr hmac set
+.I KEYID ALGO
+
+.ti -8
+.B ip sr tunsrc show
+
+.ti -8
+.B ip sr tunsrc set
+.I ADDRESS
+
+.SH DESCRIPTION
+The \fBip sr\fR command is used to configure IPv6 Segment Routing (SRv6)
+internal parameters.
+.PP
+Those parameters include the mapping between an HMAC key ID and its associated
+hashing algorithm and secret, and the IPv6 address to use as source for encapsulated
+packets.
+.PP
+The \fBip sr hmac set\fR command prompts for a passphrase that will be used as the
+HMAC secret for the corresponding key ID. A blank passphrase removes the mapping.
+The currently supported algorithms for \fIALGO\fR are \fBsha1\fR and \fBsha256\fR.
+.PP
+If the tunnel source is set to the address :: (which is the default), then an address
+of the egress interface will be selected. As this operation may hinder performances,
+it is recommended to set a non-default address.
+
+.SH EXAMPLES
+.PP
+.SS Configure an HMAC mapping for key ID 42 and hashing algorithm SHA-256
+.nf
+# ip sr hmac set 42 sha256
+.PP
+.SS Set the tunnel source address to 2001:db8::1
+.nf
+# ip sr tunsrc set 2001:db8::1
+.SH SEE ALSO
+.br
+.BR ip-route (8)
+.SH AUTHOR
+David Lebrun <david.lebrun@uclouvain.be>
-- 
2.10.2


* Re: [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures
  2017-04-14 12:36 ` [PATCH iproute2 net-next 1/3] ip: add ip sr command to control SR-IPv6 internal structures David Lebrun
@ 2017-04-14 22:45   ` Stephen Hemminger
  0 siblings, 0 replies; 6+ messages in thread
From: Stephen Hemminger @ 2017-04-14 22:45 UTC (permalink / raw)
  To: David Lebrun; +Cc: netdev

On Fri, 14 Apr 2017 14:36:21 +0200
David Lebrun <david.lebrun@uclouvain.be> wrote:

> +static struct {
> +	int cmd;
Why not unsigned? you only assign positive values
> +	struct in6_addr addr;
> +	__u32 keyid;
> +	char *pass;
Why not const char *? or do you free the value on exit?
> +	__u8 alg_id;
> +} opts;
> +


* Re: [PATCH iproute2 net-next 2/3] iproute: add support for SR-IPv6 lwtunnel encapsulation
  2017-04-14 12:36 ` [PATCH iproute2 net-next 2/3] iproute: add support for SR-IPv6 lwtunnel encapsulation David Lebrun
@ 2017-04-14 22:46   ` Stephen Hemminger
  0 siblings, 0 replies; 6+ messages in thread
From: Stephen Hemminger @ 2017-04-14 22:46 UTC (permalink / raw)
  To: David Lebrun; +Cc: netdev

On Fri, 14 Apr 2017 14:36:22 +0200
David Lebrun <david.lebrun@uclouvain.be> wrote:

> +	if (!tb[SEG6_IPTUNNEL_SRH])
> +	return

Bad indentation?

