From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1205FC10F0E for ; Thu, 18 Apr 2019 17:08:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id CFC312171F for ; Thu, 18 Apr 2019 17:08:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="w2c1tnYT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389617AbfDRRIo (ORCPT ); Thu, 18 Apr 2019 13:08:44 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:42839 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733192AbfDRRIo (ORCPT ); Thu, 18 Apr 2019 13:08:44 -0400 Received: by mail-pf1-f195.google.com with SMTP id w25so1385892pfi.9 for ; Thu, 18 Apr 2019 10:08:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=1PXl0jx/Prbq1TjnVJkWca6FmIVIgW4NbqYGrHRTzPI=; b=w2c1tnYTIzlFdE3L/MBJHWr98TljKOZ5Y3/zBhWDPOneeknSdpwUpZmgD/P7KQS/Wz 0+PbOagvw4IHBS4eF50MBglwc8bn2PBPg8Ux02l4TKN0AVv4XU8qLSlbLU8G5dii9VES swZ/Lp7Vei6sFXVQdjoXJNRf3FnDoVTwZr5xJpcj2B2C1zUBKPOhEjhs/wptjFcwkTIG 3H1mtkZEt2YFoQulQPyAc05DQzlm6S9WfSPxedvWaOH5wg8pLk8HDXvoY3El59oMvv2E WPsC8qN/guv9xSl1yAIwBfHVt2OtOsQFiMSRvtAprVXPkPXi6cSWwt8SItCUOJdtGnng Srwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=1PXl0jx/Prbq1TjnVJkWca6FmIVIgW4NbqYGrHRTzPI=; b=MKYeY5f+KZrV5UHnJFp5KoWqSjCXUczIqV73v9VVHgVjoftv8CHcOUeRLYRyJd6DQE cF6B5YXFKzvRt+cOHNPK2Yl25YR/NzXjAfnJm1UBT3slYQg3fR4UyRVJ8aDHtHWPhCE8 paHy3V1K33y8xjVRl2VfafBWNlI29jUQLWsRpsOOJZ6V8BkvH+jhrapj/ArsylwLG5eR B9eqxIZExoTPnjVGQnKly1kY/1cESCJmdwIL+2un6VMvK8dbmPwxM47Y1lnQ4w/cGvYL gZAnWyI0HzzmYmiz5XEodyTtIrA2mHr42+Cv04ltI+OoQ9ilI1+76uuPQA12c1DKT9pq AmqA== X-Gm-Message-State: APjAAAUaCyhtRORZ9ncjhq74LkYdiLrgNG8FC4sMMMrefA4F0god4fDW miBZnHU48wrLSRPKcgXaL+1LyRqAFF8= X-Google-Smtp-Source: APXvYqy6CHD3zDWNAi+wSn78nsRZQB6gBMaRltisFoVfXkrguRynq8b1wXGkGvva2qMOAU6l6+TUAQ== X-Received: by 2002:a65:5ac3:: with SMTP id d3mr91696599pgt.168.1555607323353; Thu, 18 Apr 2019 10:08:43 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id w21sm3657517pfn.48.2019.04.18.10.08.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 18 Apr 2019 10:08:42 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v4 net-next 0/6] exthdrs: Make ext. headers & options useful - Part I Date: Thu, 18 Apr 2019 10:08:24 -0700 Message-Id: <1555607310-7819-1-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Extension headers are the mechanism of extensibility for the IPv6 protocol, however to date they have only seen limited deployment. The reasons for that are because intermediate devices don't handle them well, and there haven't really be any useful extension headers defined. In particular, Destination and Hop-by-Hop options have not been deployed to any extent. The landscape may be changing as there are now a number of serious efforts to define and deploy extension headers. In particular, a number of uses for Hop-by-Hop Options are currently being proposed, Some of these are from router vendors so there is hope that they might start start to fix their brokenness. These proposals include IOAM, Path MTU, Firewall and Service Tickets, SRv6, CRH, etc. Assuming that IPv6 extension headers gain traction, that leaves a noticeable gap in IPv4 support. IPv4 options have long been considered a non-starter for deployment. An alternative being proposed is to enable use of IPv6 options with IPv4 (draft-herbert-ipv4-eh-00). This series of patch sets endeavours to make extension headers and related options useful and easy to use. The following items will be addressed: - Reorganize extension header files - Allow registration of TLV handlers - Elaborate on the TLV tables to include more characteristics - Add a netlink interface to set TLV parameters (such as alignment requirements, authorization to send, etc.) - Enhance validation of TLVs being sent. Validation is strict (unless overridden by admin) following that sending clause of the robustness principle - Allow non-privileged users to set Hop-by-Hop and Destination Options if authorized by the admin - Add an API that allows individual Hop-by-Hop and Destination Options to be set or removed for a connected socket. The backend end enforces permissions on what TLVs may be set and merges set TLVs per following the rules in the TLV parameter table (for instance, TLV parameters include a preferred sending order that merging adheres to) - Add an infrastructure to allow Hop-by-Hop and Destination Options to be processed in the context of a connected socket - Support for some of the aforementioned options - Enable IPv4 extension headers ------ In this series: - Create exhdrs_options.c. Move options specific processing to this file from exthdrs.c (for RA, Jumbo, Calipso, and HAO) - Move generic functions exthdrs_core.c. - Allow modules to register TLV handlers for Destination and HBH options. - Add parameters block to TLV type entries that describe characteristics related to the TLV. For the most part, these encode rules about sending each TLV (TLV alignment requirements for instance). - Add a netlink interface to manage parameters in the TLV table. - Add validation of HBH and Destination Options that are set on a socket or in ancillary data in sendmsg. The validation applies the rules that are encoded in the TLV parameters. - TLV parameters includes permissions that may allow non-privileged users to set specific TLVs on a socket HBH options or Destination options. Strong validation can be enabled for this to constrain what the non-privileged user is able to do. v2: - Don't rename extension header files with IPv6 specific code before code for IPv4 extension headers is present - Added patches for creating TLV parameters and validation v3: - Fix kbuild errors. Ensure build and operation when IPv6 is disabled. v4: - Remove patch that consolidated option cases in option cases in ip6_datagram_send_ctl per feedback Tested: Set Hop-by-Hop options on TCP/UDP socket and verified to be functional. Tom Herbert (6): exthdrs: Create exthdrs_options.c exthdrs: Move generic EH functions to exthdrs_core.c exthdrs: Registration of TLV handlers and parameters exthdrs: Add TX parameters ip6tlvs: Add netlink interface ip6tlvs: Validation of TX Destination and Hop-by-Hop options include/net/ipv6.h | 127 ++++++ include/uapi/linux/in6.h | 49 ++ net/ipv6/Makefile | 2 +- net/ipv6/datagram.c | 51 ++- net/ipv6/exthdrs.c | 388 ++-------------- net/ipv6/exthdrs_core.c | 1091 ++++++++++++++++++++++++++++++++++++++++++++ net/ipv6/exthdrs_options.c | 347 ++++++++++++++ net/ipv6/ipv6_sockglue.c | 43 +- 8 files changed, 1694 insertions(+), 404 deletions(-) create mode 100644 net/ipv6/exthdrs_options.c -- 2.7.4