[v5,net-next,5/7] ip6tlvs: Add TX parameters

Message ID	1570139884-20183-6-git-send-email-tom@herbertland.com
State	Changes Requested
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Tom Herbert <tom@herbertland.com> To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert <tom@quantonium.net>, Tom Herbert <tom@herbertland.com> Subject: [PATCH v5 net-next 5/7] ip6tlvs: Add TX parameters Date: Thu, 3 Oct 2019 14:58:02 -0700 Message-Id: <1570139884-20183-6-git-send-email-tom@herbertland.com> In-Reply-To: <1570139884-20183-1-git-send-email-tom@herbertland.com> References: <1570139884-20183-1-git-send-email-tom@herbertland.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	ipv6: Extension header infrastructure \| expand [v5,net-next,0/7] ipv6: Extension header infrastructure [v5,net-next,1/7] ipeh: Create exthdrs_options.c and ipeh.h [v5,net-next,2/7] ipeh: Move generic EH functions to exthdrs_common.c [v5,net-next,3/7] ipeh: Generic TLV parser [v5,net-next,4/7] ip6tlvs: Registration of TLV handlers and parameters [v5,net-next,5/7] ip6tlvs: Add TX parameters [v5,net-next,6/7] ip6tlvs: Add netlink interface [v5,net-next,7/7] ip6tlvs: Validation of TX Destination and Hop-by-Hop options

Message ID

1570139884-20183-6-git-send-email-tom@herbertland.com

State

Changes Requested

Delegated to:

David Miller

Headers

From: Tom Herbert <tom@herbertland.com>
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: Tom Herbert <tom@quantonium.net>, Tom Herbert <tom@herbertland.com>
Subject: [PATCH v5 net-next 5/7] ip6tlvs: Add TX parameters
Date: Thu,  3 Oct 2019 14:58:02 -0700
Message-Id: <1570139884-20183-6-git-send-email-tom@herbertland.com>
In-Reply-To: <1570139884-20183-1-git-send-email-tom@herbertland.com>
References: <1570139884-20183-1-git-send-email-tom@herbertland.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

ipv6: Extension header infrastructure | expand

Commit Message

Tom Herbert Oct. 3, 2019, 9:58 p.m. UTC

From: Tom Herbert <tom@quantonium.net>

Define a number of transmit parameters for TLV Parameter table
definitions. These will be used for validating TLVs that are set
on a socket.

Signed-off-by: Tom Herbert <tom@herbertland.com>
---
 include/net/ipeh.h         | 18 ++++++++++++++++
 include/uapi/linux/ipeh.h  |  8 +++++++
 net/ipv6/exthdrs_common.c  | 53 +++++++++++++++++++++++++++++++++++++++++++++-
 net/ipv6/exthdrs_options.c | 45 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 123 insertions(+), 1 deletion(-)

Comments

Simon Horman Oct. 6, 2019, 1:25 p.m. UTC | #1

On Thu, Oct 03, 2019 at 02:58:02PM -0700, Tom Herbert wrote:
> From: Tom Herbert <tom@quantonium.net>
> 
> Define a number of transmit parameters for TLV Parameter table
> definitions. These will be used for validating TLVs that are set
> on a socket.
> 
> Signed-off-by: Tom Herbert <tom@herbertland.com>
> ---
>  include/net/ipeh.h         | 18 ++++++++++++++++
>  include/uapi/linux/ipeh.h  |  8 +++++++
>  net/ipv6/exthdrs_common.c  | 53 +++++++++++++++++++++++++++++++++++++++++++++-
>  net/ipv6/exthdrs_options.c | 45 +++++++++++++++++++++++++++++++++++++++
>  4 files changed, 123 insertions(+), 1 deletion(-)
> 
> diff --git a/include/net/ipeh.h b/include/net/ipeh.h
> index aaa2910..de6d9d0 100644
> --- a/include/net/ipeh.h
> +++ b/include/net/ipeh.h

...

> @@ -54,6 +65,13 @@ struct tlv_param_table {
>  
>  extern struct tlv_param_table ipv6_tlv_param_table;
>  
> +/* Preferred TLV ordering for HBH and Dest options (placed by increasing order)
> + */
> +#define IPEH_TLV_PREF_ORDER_HAO			10
> +#define IPEH_TLV_PREF_ORDER_ROUTERALERT		20
> +#define IPEH_TLV_PREF_ORDER_JUMBO		30
> +#define IPEH_TLV_PREF_ORDER_CALIPSO		40
> +

Hi Tom,

Could you expand on why thse values were chosen?

I can see that this patch implements a specific use of
the 255 indexes available. But its not at all clear to me that
this use fits expected use-cases (because I don't know what they are).

...

Tom Herbert Dec. 14, 2019, 7:19 p.m. UTC | #2

On Sun, Oct 6, 2019 at 6:25 AM Simon Horman <simon.horman@netronome.com> wrote:
>
> On Thu, Oct 03, 2019 at 02:58:02PM -0700, Tom Herbert wrote:
> > From: Tom Herbert <tom@quantonium.net>
> >
> > Define a number of transmit parameters for TLV Parameter table
> > definitions. These will be used for validating TLVs that are set
> > on a socket.
> >
> > Signed-off-by: Tom Herbert <tom@herbertland.com>
> > ---
> >  include/net/ipeh.h         | 18 ++++++++++++++++
> >  include/uapi/linux/ipeh.h  |  8 +++++++
> >  net/ipv6/exthdrs_common.c  | 53 +++++++++++++++++++++++++++++++++++++++++++++-
> >  net/ipv6/exthdrs_options.c | 45 +++++++++++++++++++++++++++++++++++++++
> >  4 files changed, 123 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/net/ipeh.h b/include/net/ipeh.h
> > index aaa2910..de6d9d0 100644
> > --- a/include/net/ipeh.h
> > +++ b/include/net/ipeh.h
>
> ...
>
> > @@ -54,6 +65,13 @@ struct tlv_param_table {
> >
> >  extern struct tlv_param_table ipv6_tlv_param_table;
> >
> > +/* Preferred TLV ordering for HBH and Dest options (placed by increasing order)
> > + */
> > +#define IPEH_TLV_PREF_ORDER_HAO                      10
> > +#define IPEH_TLV_PREF_ORDER_ROUTERALERT              20
> > +#define IPEH_TLV_PREF_ORDER_JUMBO            30
> > +#define IPEH_TLV_PREF_ORDER_CALIPSO          40
> > +
>
> Hi Tom,
>
> Could you expand on why thse values were chosen?
>
Pseudo random selection :-). The idea of having an ordering is to
constrain the use of TLVs (in some environments there may be TLV
ordering requirements or optimizations around specific ordering). Note
that the ordering only applies to validation of TLVs being set to
send, there are no ordering constraints in RX. Also, in the next patch
set where application can set individual HBH and DO options on a
socket, the ordering attribute is used to always produce the same
order on the wire regardless of the ordering that the application set
the options. For non-priviledeged applications especially, I believe
it's good to be conservative and apply reasonable constraints such as
ordering for TX (i.e. follow robustness principle).

> I can see that this patch implements a specific use of
> the 255 indexes available. But its not at all clear to me that
> this use fits expected use-cases (because I don't know what they are).
>
There are at more 253 non-padding option types. Fortunately the
protocol designers had the foresight to limit option type to a byte
and so it's reasonable to represent for lookup in simple arrays. Two
bytes for type would have been much more painful (compare lookup on
EtherType to IP protocol numbers for instance).

> ...

diff --git a/include/net/ipeh.h b/include/net/ipeh.h
index aaa2910..de6d9d0 100644
--- a/include/net/ipeh.h
+++ b/include/net/ipeh.h
@@ -20,6 +20,17 @@  struct tlv_rx_params {
 };
 
 struct tlv_tx_params {
+	unsigned char admin_perm : 2;
+	unsigned char user_perm : 2;
+	unsigned char class : 3;
+	unsigned char rsvd : 1;
+	unsigned char align_mult : 4;
+	unsigned char align_off : 4;
+	unsigned char data_len_mult : 4;
+	unsigned char data_len_off : 4;
+	unsigned char min_data_len;
+	unsigned char max_data_len;
+	unsigned short preferred_order;
 };
 
 struct tlv_params {
@@ -54,6 +65,13 @@  struct tlv_param_table {
 
 extern struct tlv_param_table ipv6_tlv_param_table;
 
+/* Preferred TLV ordering for HBH and Dest options (placed by increasing order)
+ */
+#define IPEH_TLV_PREF_ORDER_HAO			10
+#define IPEH_TLV_PREF_ORDER_ROUTERALERT		20
+#define IPEH_TLV_PREF_ORDER_JUMBO		30
+#define IPEH_TLV_PREF_ORDER_CALIPSO		40
+
 int __ipeh_tlv_set(struct tlv_param_table *tlv_param_table,
 		   unsigned char type, const struct tlv_params *params,
 		   const struct tlv_ops *ops);
diff --git a/include/uapi/linux/ipeh.h b/include/uapi/linux/ipeh.h
index c4302b7..dbf0728 100644
--- a/include/uapi/linux/ipeh.h
+++ b/include/uapi/linux/ipeh.h
@@ -13,4 +13,12 @@ 
 				  IPEH_TLV_CLASS_FLAG_RTRDSTOPT |	\
 				  IPEH_TLV_CLASS_FLAG_DSTOPT)
 
+/* TLV permissions values */
+enum {
+	IPEH_TLV_PERM_NONE,
+	IPEH_TLV_PERM_WITH_CHECK,
+	IPEH_TLV_PERM_NO_CHECK,
+	IPEH_TLV_PERM_MAX = IPEH_TLV_PERM_NO_CHECK
+};
+
 #endif /* _UAPI_LINUX_IPEH_H */
diff --git a/net/ipv6/exthdrs_common.c b/net/ipv6/exthdrs_common.c
index 43737fc..feaa4a6 100644
--- a/net/ipv6/exthdrs_common.c
+++ b/net/ipv6/exthdrs_common.c
@@ -3,6 +3,7 @@ 
 /* Extension header and TLV library code that is not specific to IPv6. */
 #include <linux/export.h>
 #include <net/ipv6.h>
+#include <uapi/linux/ipeh.h>
 
 struct ipv6_txoptions *
 ipeh_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
@@ -265,6 +266,13 @@  EXPORT_SYMBOL(ipeh_parse_tlv);
 
 /* Default (unset) values for TLV parameters */
 static const struct tlv_proc tlv_default_proc = {
+	.params.t = {
+		.admin_perm = IPEH_TLV_PERM_NO_CHECK,
+		.user_perm = IPEH_TLV_PERM_NONE,
+		.align_mult = (4 - 1), /* Default alignment: 4n + 2 */
+		.align_off = 2,
+		.max_data_len = 255,
+	},
 };
 
 static DEFINE_MUTEX(tlv_mutex);
@@ -284,16 +292,45 @@  static void tlv_param_table_release(struct rcu_head *rcu)
 }
 
 /* mutex held */
+static int check_order(struct tlv_param_table_data *tpt, unsigned char type,
+		       unsigned short order)
+{
+	int i;
+
+	if (!order)
+		return -EINVAL;
+
+	for (i = 2; i < 256; i++) {
+		struct tlv_type *ttype = &tpt->types[tpt->entries[i]];
+
+		if (!tpt->entries[i])
+			continue;
+
+		if (order == ttype->proc.params.t.preferred_order &&
+		    i != type)
+			return -EALREADY;
+	}
+
+	return 0;
+}
+
+/* mutex held */
 static int __tlv_set_one(struct tlv_param_table *tlv_param_table,
 			 unsigned char type, const struct tlv_params *params,
 			 const struct tlv_ops *ops)
 {
 	struct tlv_param_table_data *tpt, *told;
 	struct tlv_type *ttype;
+	int retv;
 
 	told = rcu_dereference_protected(tlv_param_table->data,
 					 lockdep_is_held(&tlv_mutex));
 
+	/* Check preferred order */
+	retv = check_order(told, type, params->t.preferred_order);
+	if (retv)
+		return retv;
+
 	/* Create new TLV table. If there is no exsiting entry then we are
 	 * adding a new one to the table, else we're modifying an entry.
 	 */
@@ -422,7 +459,7 @@  int ipeh_exthdrs_init(struct tlv_param_table *tlv_param_table,
 		      int num_init_params)
 {
 	struct tlv_param_table_data *tpt;
-	int pos = 0, i;
+	int pos = 0, i, j;
 	size_t tsize;
 
 	tsize = tlv_param_table_size(num_init_params + 1);
@@ -448,6 +485,20 @@  int ipeh_exthdrs_init(struct tlv_param_table *tlv_param_table,
 			goto err_inval;
 		}
 
+		if (WARN_ON(!tpi->proc.params.t.preferred_order)) {
+			/* Preferred order must be non-zero */
+			goto err_inval;
+		}
+
+		for (j = 0; j < i; j++) {
+			const struct tlv_proc_init *tpix = &tlv_init_params[j];
+
+			if (WARN_ON(tpi->proc.params.t.preferred_order ==
+				    tpix->proc.params.t.preferred_order)) {
+				/* Preferred order must be unique */
+				goto err_inval;
+			}
+		}
 		tpt->types[pos].proc = tpi->proc;
 		tpt->entries[tpi->type] = pos;
 	}
diff --git a/net/ipv6/exthdrs_options.c b/net/ipv6/exthdrs_options.c
index d4b373e..3b50b58 100644
--- a/net/ipv6/exthdrs_options.c
+++ b/net/ipv6/exthdrs_options.c
@@ -183,6 +183,17 @@  static const struct tlv_proc_init tlv_ipv6_init_params[] __initconst = {
 
 		.proc.ops.func = ipv6_dest_hao,
 		.proc.params.r.class = IPEH_TLV_CLASS_FLAG_DSTOPT,
+
+		.proc.params.t = {
+			.preferred_order = IPEH_TLV_PREF_ORDER_HAO,
+			.admin_perm = IPEH_TLV_PERM_NO_CHECK,
+			.user_perm = IPEH_TLV_PERM_NONE,
+			.class = IPEH_TLV_CLASS_FLAG_DSTOPT,
+			.align_mult = (8 - 1), /* Align to 8n + 6 */
+			.align_off = 6,
+			.min_data_len = 16,
+			.max_data_len = 16,
+		},
 	},
 #endif
 	{
@@ -190,18 +201,52 @@  static const struct tlv_proc_init tlv_ipv6_init_params[] __initconst = {
 
 		.proc.ops.func = ipv6_hop_ra,
 		.proc.params.r.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+
+		.proc.params.t = {
+			.preferred_order = IPEH_TLV_PREF_ORDER_ROUTERALERT,
+			.admin_perm = IPEH_TLV_PERM_NO_CHECK,
+			.user_perm = IPEH_TLV_PERM_NONE,
+			.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+			.align_mult = (2 - 1), /* Align to 2n */
+			.min_data_len = 2,
+			.max_data_len = 2,
+		},
 	},
 	{
 		.type = IPV6_TLV_JUMBO,
 
 		.proc.ops.func	= ipv6_hop_jumbo,
 		.proc.params.r.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+
+		.proc.params.t = {
+			.preferred_order = IPEH_TLV_PREF_ORDER_JUMBO,
+			.admin_perm = IPEH_TLV_PERM_NO_CHECK,
+			.user_perm = IPEH_TLV_PERM_NONE,
+			.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+			.align_mult = (4 - 1), /* Align to 4n + 2 */
+			.align_off = 2,
+			.min_data_len = 4,
+			.max_data_len = 4,
+		},
 	},
 	{
 		.type = IPV6_TLV_CALIPSO,
 
 		.proc.ops.func = ipv6_hop_calipso,
 		.proc.params.r.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+
+		.proc.params.t = {
+			.preferred_order = IPEH_TLV_PREF_ORDER_CALIPSO,
+			.admin_perm = IPEH_TLV_PERM_NO_CHECK,
+			.user_perm = IPEH_TLV_PERM_NONE,
+			.class = IPEH_TLV_CLASS_FLAG_HOPOPT,
+			.align_mult = (4 - 1), /* Align to 4n + 2 */
+			.align_off = 2,
+			.min_data_len = 8,
+			.max_data_len = 252,
+			.data_len_mult = (4 - 1),
+					/* Length is multiple of 4 */
+		},
 	},
 };

[v5,net-next,5/7] ip6tlvs: Add TX parameters

Commit Message

Comments

Patch