From patchwork Fri May 31 16:48:35 2019 X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108467 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 1/6] seg6: Fix TLV definitions Date: Fri, 31 May 2019 09:48:35 -0700 Message-Id: <1559321320-9444-2-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The definitions of TLVs in uapi/linux/seg6.h are incorrect and incomplete. Fix this. TLV constants are defined for PAD1, PADN, and HMAC (the three defined in draft-ietf-6man-segment-routing-header-19). The other TLVs are unused and are marked as obsoleted. Signed-off-by: Tom Herbert --- include/uapi/linux/seg6.h | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/seg6.h b/include/uapi/linux/seg6.h index 286e8d6..9117113 100644 --- a/include/uapi/linux/seg6.h +++ b/include/uapi/linux/seg6.h 
@@ -38,10 +38,13 @@ struct ipv6_sr_hdr { #define SR6_FLAG1_ALERT (1 << 4) #define SR6_FLAG1_HMAC (1 << 3) -#define SR6_TLV_INGRESS 1 -#define SR6_TLV_EGRESS 2 -#define SR6_TLV_OPAQUE 3 -#define SR6_TLV_PADDING 4 + +#define SR6_TLV_INGRESS 1 /* obsoleted */ +#define SR6_TLV_EGRESS 2 /* obsoleted */ +#define SR6_TLV_OPAQUE 3 /* obsoleted */ + +#define SR6_TLV_PAD1 0 +#define SR6_TLV_PADDING 1 #define SR6_TLV_HMAC 5 #define sr_has_hmac(srh) ((srh)->flags & SR6_FLAG1_HMAC) 
From patchwork Fri May 31 16:48:36 2019 X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108468 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 2/6] seg6: Implement a TLV parsing loop Date: Fri, 31 May 2019 09:48:36 -0700 Message-Id: <1559321320-9444-3-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Implement a TLV parsing loop for segment routing. The code is uniform with other instances of TLV parsing loops in the stack (e.g. parsing of Hop-by-Hop and Destination Options). seg_validate_srh calls this function. Note, this fixes a bug in the original parsing code that PAD1 was not supported. Signed-off-by: Tom Herbert --- include/net/seg6.h | 6 ++++++ net/ipv6/seg6.c | 60 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 40 insertions(+), 26 deletions(-) diff --git a/include/net/seg6.h b/include/net/seg6.h index 8b2dc68..563d4a6 100644 --- a/include/net/seg6.h +++ b/include/net/seg6.h @@ -38,6 +38,11 @@ static inline void update_csum_diff16(struct sk_buff *skb, __be32 *from, skb->csum = ~csum_partial((char *)diff, sizeof(diff), ~skb->csum); } +static inline unsigned int seg6_tlv_offset(struct ipv6_sr_hdr *srh) +{ + return sizeof(*srh) + ((srh->first_segment + 1) << 4); +} + struct seg6_pernet_data { struct mutex lock; struct in6_addr __rcu *tun_src; @@ -62,6 +67,7 @@ extern void seg6_iptunnel_exit(void); extern int seg6_local_init(void); extern void seg6_local_exit(void); +extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh); extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len); extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto); diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index 0c5479e..e461357 100644 
--- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c 
@@ -30,44 +30,52 @@ #include #endif -bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) +bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) { - int trailing; - unsigned int tlv_offset; + int len = ipv6_optlen((struct ipv6_opt_hdr *)srh); + unsigned char *opt = (unsigned char *)srh; + unsigned int off; - if (srh->type != IPV6_SRCRT_TYPE_4) - return false; + off = seg6_tlv_offset(srh); + len -= off; - if (((srh->hdrlen + 1) << 3) != len) - return false; + while (len > 0) { + struct sr6_tlv *tlv; + unsigned int optlen; - if (srh->segments_left > srh->first_segment) - return false; + switch (opt[off]) { + case SR6_TLV_PAD1: + optlen = 1; + break; + default: + if (len < sizeof(*tlv)) + return false; - tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4); + tlv = (struct sr6_tlv *)&opt[off]; + optlen = sizeof(*tlv) + tlv->len; - trailing = len - tlv_offset; - if (trailing < 0) - return false; + break; + } - while (trailing) { - struct sr6_tlv *tlv; - unsigned int tlv_len; + off += optlen; + len -= optlen; + } - if (trailing < sizeof(*tlv)) - return false; + return !len; +} - tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset); - tlv_len = sizeof(*tlv) + tlv->len; +bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) +{ + if (srh->type != IPV6_SRCRT_TYPE_4) + return false; - trailing -= tlv_len; - if (trailing < 0) - return false; + if (ipv6_optlen((struct ipv6_opt_hdr *)srh) != len) + return false; - tlv_offset += tlv_len; - } + if (srh->segments_left > srh->first_segment) + return false; - return true; + return __seg6_parse_srh(srh); } static struct genl_family seg6_genl_family; 
From patchwork Fri May 31 16:48:37 2019 X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108469 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 3/6] seg6: Obsolete unused SRH flags Date: Fri, 31 May 2019 09:48:37 -0700 Message-Id: <1559321320-9444-4-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently no flags are defined for segment routing in draft-ietf-6man-segment-routing-header-19. Mark them as being obsolete. The HMAC flag is the only one used by the stack. This needs additional consideration. Rewrite sr_has_hmac in uapi/linux/seg6.h to properly parse a segment routing header as opposed to relying on the now obsolete code. Implement seg6_find_hmac_tlv for internal stack use. That function parses (via __seg6_parse_srh) a TLV list and returns the pointer to an HMAC TLV if one exists. The parsing function also eliminates the assumption in seg6_get_tlv_hmac that the HMAC TLV must be the first TLV. Signed-off-by: Tom Herbert --- include/net/seg6.h | 12 +++++++++++- include/uapi/linux/seg6.h | 49 ++++++++++++++++++++++++++++++++++++++++------- net/ipv6/exthdrs.c | 2 +- net/ipv6/seg6.c | 12 ++++++++++-- net/ipv6/seg6_hmac.c | 8 +++----- net/ipv6/seg6_iptunnel.c | 4 ++-- 6 files changed, 69 insertions(+), 18 deletions(-) diff --git a/include/net/seg6.h b/include/net/seg6.h index 563d4a6..47e7c90 100644 --- a/include/net/seg6.h +++ b/include/net/seg6.h @@ -17,6 +17,7 @@ #include #include #include +#include #include static inline void update_csum_diff4(struct sk_buff *skb, __be32 from, 
@@ -67,11 +68,20 @@ extern void seg6_iptunnel_exit(void); extern int seg6_local_init(void); extern void seg6_local_exit(void); -extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh); +extern bool __seg6_parse_srh(struct ipv6_sr_hdr *srh, + struct sr6_tlv_hmac **hmacp); extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len); extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto); extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh); extern int seg6_lookup_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, u32 tbl_id); + +static inline struct sr6_tlv_hmac *seg6_find_hmac_tlv(struct ipv6_sr_hdr *srh) +{ + struct sr6_tlv_hmac *hmacp = NULL; + + return __seg6_parse_srh(srh, &hmacp) ? hmacp : NULL; +} + #endif diff --git a/include/uapi/linux/seg6.h b/include/uapi/linux/seg6.h index 9117113..890420b0 100644 --- a/include/uapi/linux/seg6.h +++ b/include/uapi/linux/seg6.h @@ -33,11 +33,10 @@ struct ipv6_sr_hdr { struct in6_addr segments[0]; }; -#define SR6_FLAG1_PROTECTED (1 << 6) -#define SR6_FLAG1_OAM (1 << 5) -#define SR6_FLAG1_ALERT (1 << 4) -#define SR6_FLAG1_HMAC (1 << 3) - +#define SR6_FLAG1_PROTECTED (1 << 6) /* obsoleted */ +#define SR6_FLAG1_OAM (1 << 5) /* obsoleted */ +#define SR6_FLAG1_ALERT (1 << 4) /* obsoleted */ +#define SR6_FLAG1_HMAC (1 << 3) /* obsoleted */ #define SR6_TLV_INGRESS 1 /* obsoleted */ #define SR6_TLV_EGRESS 2 /* obsoleted */ 
@@ -47,12 +46,48 @@ struct ipv6_sr_hdr { #define SR6_TLV_PADDING 1 #define SR6_TLV_HMAC 5 -#define sr_has_hmac(srh) ((srh)->flags & SR6_FLAG1_HMAC) - struct sr6_tlv { __u8 type; __u8 len; __u8 data[0]; }; +static inline bool __sr_has_hmac(struct ipv6_sr_hdr *srh) +{ + unsigned char *opt = (unsigned char *)srh; + int len = (srh->hdrlen + 1) << 8; + unsigned int off; + + off = sizeof(*srh) + ((srh->first_segment + 1) << 4); + len -= off; + + while (len > 0) { + struct sr6_tlv *tlv; + unsigned int optlen; + + switch (opt[off]) { + case SR6_TLV_PAD1: + optlen = 1; + break; + case SR6_TLV_HMAC: + return true; + default: + if (len < sizeof(*tlv)) + return false; + + tlv = (struct sr6_tlv *)&opt[off]; + optlen = sizeof(*tlv) + tlv->len; + + break; + } + + off += optlen; + len -= optlen; + } + + return false; +} + +#define sr_has_hmac(srh) __sr_has_hmac(srh) + #endif diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 20291c2..112e2fd 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -922,7 +922,7 @@ static void ipv6_push_rthdr4(struct sk_buff *skb, u8 *proto, } #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(sr_phdr)) { + if (seg6_find_hmac_tlv(sr_phdr)) { struct net *net = NULL; if (skb->dev) diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index e461357..1e782a6 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -30,7 +30,7 @@ #include #endif -bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) +bool __seg6_parse_srh(struct ipv6_sr_hdr *srh, struct sr6_tlv_hmac **hmacp) { int len = ipv6_optlen((struct ipv6_opt_hdr *)srh); unsigned char *opt = (unsigned char *)srh; @@ -39,6 +39,8 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) off = seg6_tlv_offset(srh); len -= off; + *hmacp = NULL; + while (len > 0) { struct sr6_tlv *tlv; unsigned int optlen; 
@@ -47,6 +49,10 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) case SR6_TLV_PAD1: optlen = 1; break; + case SR6_TLV_HMAC: + if (!*hmacp) + *hmacp = (struct sr6_tlv_hmac *)&opt[off]; + /* Fall through */ default: if (len < sizeof(*tlv)) return false; @@ -66,6 +72,8 @@ bool __seg6_parse_srh(struct ipv6_sr_hdr *srh) bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) { + struct sr6_tlv_hmac *hmacp; + if (srh->type != IPV6_SRCRT_TYPE_4) return false; @@ -75,7 +83,7 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len) if (srh->segments_left > srh->first_segment) return false; - return __seg6_parse_srh(srh); + return __seg6_parse_srh(srh, &hmacp); } static struct genl_family seg6_genl_family; diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index 8546f94..92b398c 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -95,13 +95,11 @@ static struct sr6_tlv_hmac *seg6_get_tlv_hmac(struct ipv6_sr_hdr *srh) if (srh->hdrlen < (srh->first_segment + 1) * 2 + 5) return NULL; - if (!sr_has_hmac(srh)) + tlv = seg6_find_hmac_tlv(srh); + if (!tlv) return NULL; - tlv = (struct sr6_tlv_hmac *) - ((char *)srh + ((srh->hdrlen + 1) << 3) - 40); - - if (tlv->tlvhdr.type != SR6_TLV_HMAC || tlv->tlvhdr.len != 38) + if (tlv->tlvhdr.len != sizeof(*tlv) - 2) return NULL; return tlv; diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c index 7a525fd..5344bee 100644 --- a/net/ipv6/seg6_iptunnel.c +++ b/net/ipv6/seg6_iptunnel.c @@ -161,7 +161,7 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr); #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(isrh)) { + if (seg6_find_hmac_tlv(isrh)) { err = seg6_push_hmac(net, &hdr->saddr, isrh); if (unlikely(err)) return err; 
@@ -211,7 +211,7 @@ int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh) hdr->daddr = isrh->segments[isrh->first_segment]; #ifdef CONFIG_IPV6_SEG6_HMAC - if (sr_has_hmac(isrh)) { + if (seg6_find_hmac_tlv(isrh)) { struct net *net = dev_net(skb_dst(skb)->dev); err = seg6_push_hmac(net, &hdr->saddr, isrh); 
From patchwork Fri May 31 16:48:38 2019 X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108470 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 4/6] ah6: Create function __zero_out_mutable_opts Date: Fri, 31 May 2019 09:48:38 -0700 Message-Id: <1559321320-9444-5-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This is an adaptation of zero_out_mutable_opts that takes three additional arguments: offset of the TLVs, a mask to locate the mutable bit in the TLV type, and the type value for single byte padding. zero_out_mutable_opts calls the new function and sets the arguments appropriate to Hop-by-Hop and Destination Options. The function will be used to support zeroing out mutable SRH TLVs' data with the appropriate arguments for SRH TLVs. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 68b9e92..1e80157 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c 
@@ -102,32 +102,28 @@ static inline struct scatterlist *ah_req_sg(struct crypto_ahash *ahash, __alignof__(struct scatterlist)); } -static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) +static bool __zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr, int off, + unsigned char mut_bit, unsigned char pad1) { u8 *opt = (u8 *)opthdr; int len = ipv6_optlen(opthdr); - int off = 0; int optlen = 0; - off += 2; - len -= 2; + len -= off; while (len > 0) { - - switch (opt[off]) { - - case IPV6_TLV_PAD1: + if (opt[off] == pad1) { optlen = 1; - break; - default: + } else { if (len < 2) goto bad; - optlen = opt[off+1]+2; + + optlen = opt[off + 1] + 2; if (len < optlen) goto bad; - if (opt[off] & 0x20) - memset(&opt[off+2], 0, opt[off+1]); - break; + + if (opt[off] & mut_bit) + memset(&opt[off + 2], 0, opt[off + 1]); } off += optlen; 
@@ -140,6 +136,11 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) return false; } +static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) +{ + return __zero_out_mutable_opts(opthdr, 2, 0x20, IPV6_TLV_PAD1); +} + #if IS_ENABLED(CONFIG_IPV6_MIP6) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header 
From patchwork Fri May 31 16:48:39 2019 X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108471 X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 5/6] ah6: Be explicit about which routing types are processed. Date: Fri, 31 May 2019 09:48:39 -0700 Message-Id: <1559321320-9444-6-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The current code assumes that all routing headers can be processed as type 0 when rearranging the routing header for AH verification. Change this to be explicit. Type 0 and type 2 are supported and are processed the same way with regards to AH. Also check if rearranging routing header fails. Update reference in comment to more current RFC. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 1e80157..032491c 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -145,7 +145,7 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header * @iph: IPv6 header - * @destopt: destionation options header + * @destopt: destination options header */ static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *destopt) { 
@@ -204,15 +204,16 @@ static void ipv6_rearrange_destopt(struct ipv6hdr *iph, struct ipv6_opt_hdr *des #endif /** - * ipv6_rearrange_rthdr - rearrange IPv6 routing header + * ipv6_rearrange_type0_rthdr - rearrange type 0 IPv6 routing header * @iph: IPv6 header * @rthdr: routing header * * Rearrange the destination address in @iph and the addresses in @rthdr * so that they appear in the order they will at the final destination. - * See Appendix A2 of RFC 2402 for details. + * See Appendix A2 of RFC 4302 for details. */ -static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) +static bool ipv6_rearrange_type0_rthdr(struct ipv6hdr *iph, + struct ipv6_rt_hdr *rthdr) { int segments, segments_left; struct in6_addr *addrs; @@ -220,15 +221,13 @@ static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) segments_left = rthdr->segments_left; if (segments_left == 0) - return; + return true; rthdr->segments_left = 0; /* The value of rthdr->hdrlen has been verified either by the system * call if it is locally generated, or by ipv6_rthdr_rcv() for incoming * packets. So we can assume that it is even and that segments is * greater than or equal to segments_left. - * - * For the same reason we can assume that this option is of type 0. */ segments = rthdr->hdrlen >> 1; 
@@ -240,6 +239,24 @@ static void ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) addrs[0] = iph->daddr; iph->daddr = final_addr; + + return true; +} + +static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) +{ + switch (rthdr->type) { + case IPV6_SRCRT_TYPE_2: + /* Simplified format of type 0 so same processing */ + /* fallthrough */ + case IPV6_SRCRT_TYPE_0: /* Deprecated */ + return ipv6_rearrange_type0_rthdr(iph, rthdr); + default: + /* Bad or unidentified routing header, we don't know how + * to fix this header for security purposes. Return failure. + */ + return false; + } } static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len, int dir) 
@@ -271,7 +288,11 @@ static int ipv6_clear_mutable_options(struct ipv6hdr *iph, int len, int dir) break; case NEXTHDR_ROUTING: - ipv6_rearrange_rthdr(iph, exthdr.rth); + if (!ipv6_rearrange_rthdr(iph, exthdr.rth)) { + net_dbg_ratelimited("bad routing header\n"); + return -EINVAL; + } + break; default: From patchwork Fri May 31 16:48:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1108472 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="i3NGirUg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45Fr6J3Ym2z9s3l for ; Sat, 1 Jun 2019 02:50:16 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727015AbfEaQuP (ORCPT ); Fri, 31 May 2019 12:50:15 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:36843 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726964AbfEaQuO (ORCPT ); Fri, 31 May 2019 12:50:14 -0400 Received: by mail-pf1-f193.google.com with SMTP id u22so6552837pfm.3 for ; Fri, 31 May 2019 09:50:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3fARnAA4saHrsr4JO3DkGH7joPaWQTWPgsS0UFtWefI=; 
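Review bot: the kernel-doc for ipv6_rearrange_type0_rthdr() in the @@ -204,15 +204,16 @@ hunk of patch 5/6 is not updated for the new bool return type. Add a "Return:" line that says what true and false mean, and mention in the description that type 2 headers are also passed through this function, since the name and summary line now read as type 0 only. The new ipv6_rearrange_rthdr() wrapper has no kernel-doc at all and would benefit from the same.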
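Review bot: in the @@ -220,15 +221,13 @@ hunk of patch 5/6, ipv6_rearrange_type0_rthdr() gains a bool return, but every exit visible in this patch returns true, so the caller's new failure check can never trigger through this function. The retained comment still only assumes that hdrlen is even and that segments is greater than or equal to segments_left. Now that a failure return exists, consider checking `segments_left > segments` right after `segments = rthdr->hdrlen >> 1;` and returning false, or keep this function void and let the wrapper return true for types 0 and 2.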
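Review bot: the `default:` branch of the new ipv6_rearrange_rthdr() in the @@ -240,6 +239,24 @@ hunk of patch 5/6 makes AH processing fail for every routing type other than 0 and 2, where the old code rearranged all of them as type 0. The changelog says which types are supported but not that all others are now rejected with an error; state that explicitly, since it changes the outcome for packets that previously went through rearrangement. Separately, the `/* fallthrough */` comment is not needed: there is no statement between `case IPV6_SRCRT_TYPE_2:` and `case IPV6_SRCRT_TYPE_0:`, so nothing falls through.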
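Review bot: the debug message added in the @@ -271,7 +288,11 @@ hunk of patch 5/6, `net_dbg_ratelimited("bad routing header\n");`, does not say which routing type was seen, and "bad" is misleading because the only failure path in this patch is an unsupported type, not a malformed header. Log the type, for example `net_dbg_ratelimited("AH: unsupported routing header type %u\n", exthdr.rth->type);`, so the drop can be diagnosed from the log alone.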
From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org, dlebrun@google.com, ahabdels.dev@gmail.com Cc: Tom Herbert Subject: [RFC PATCH 6/6] seg6: Add support to rearrange SRH for AH ICV calculation Date: Fri, 31 May 2019 09:48:40 -0700 Message-Id: <1559321320-9444-7-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1559321320-9444-1-git-send-email-tom@quantonium.net> References: <1559321320-9444-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Mutable fields related to segment routing are: destination address, segments left, and modifiable TLVs (those whose high order bit is set). Add support to rearrange a segment routing (type 4) routing header to handle these mutability requirements. This is described in draft-herbert-ipv6-srh-ah-00. Signed-off-by: Tom Herbert --- net/ipv6/ah6.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 032491c..0c5ca29 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #define IPV6HDR_BASELEN 8 @@ -141,6 +142,13 @@ static bool zero_out_mutable_opts(struct ipv6_opt_hdr *opthdr) return __zero_out_mutable_opts(opthdr, 2, 0x20, IPV6_TLV_PAD1); } +static bool zero_out_mutable_srh_opts(struct ipv6_sr_hdr *srh) +{ + return __zero_out_mutable_opts((struct ipv6_opt_hdr *)srh, + seg6_tlv_offset(srh), 0x80, + SR6_TLV_PAD1); +} + #if IS_ENABLED(CONFIG_IPV6_MIP6) /** * ipv6_rearrange_destopt - rearrange IPv6 destination options header 
@@ -243,6 +251,20 @@ static bool ipv6_rearrange_type0_rthdr(struct ipv6hdr *iph, return true; } +static bool ipv6_rearrange_type4_rthdr(struct ipv6hdr *iph, + struct ipv6_rt_hdr *rthdr) +{ + struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)rthdr; + + if (!zero_out_mutable_srh_opts(srh)) + return false; + + rthdr->segments_left = 0; + iph->daddr = srh->segments[0]; + + return true; +} + static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) { switch (rthdr->type) { @@ -251,6 +273,8 @@ static bool ipv6_rearrange_rthdr(struct ipv6hdr *iph, struct ipv6_rt_hdr *rthdr) /* fallthrough */ case IPV6_SRCRT_TYPE_0: /* Deprecated */ return ipv6_rearrange_type0_rthdr(iph, rthdr); + case IPV6_SRCRT_TYPE_4: + return ipv6_rearrange_type4_rthdr(iph, rthdr); default: /* Bad or unidentified routing header, we don't know how * to fix this header for security purposes. Return failure.
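Review bot: zero_out_mutable_srh_opts() in the @@ -141,6 +142,13 @@ hunk of patch 6/6 passes `seg6_tlv_offset(srh)` as the starting offset with no visible check that the offset lies inside the header. The offset is derived from fields of the SRH itself, so please either bound it against the header length before the call or add a comment naming where that validation has already happened on both the input and output paths. The `(struct ipv6_opt_hdr *)srh` cast also relies on the two structures sharing the layout of their leading next-header and length bytes; a one-line comment would make that assumption explicit. Finally, 0x80 is a bare magic number here; a named constant for the "mutable TLV" bit described in the changelog would read better.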
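Review bot: ipv6_rearrange_type4_rthdr() in the @@ -243,6 +251,20 @@ hunk of patch 6/6 reads `srh->segments[0]` without any visible check that the header is long enough to contain a segment. The type 0 variant carries a comment explaining why hdrlen can be trusted; this function has neither that comment nor a check. Validate the SRH length here and return false on failure, or document which earlier step guarantees it. The function also lacks a kernel-doc block: the type 0 variant points at Appendix A2 of RFC 4302, and this one should point at draft-herbert-ipv6-srh-ah-00 from the changelog. As a style point, write `srh->segments_left = 0;` instead of going back through `rthdr`, since the rest of the function uses `srh`.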