From patchwork Fri Jan 12 04:39:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmed Abdelsalam X-Patchwork-Id: 860703 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="dkypoeXC"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zKpNG225Cz9s9Y for ; Mon, 15 Jan 2018 20:44:30 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755303AbeAOJoE (ORCPT ); Mon, 15 Jan 2018 04:44:04 -0500 Received: from mail-wm0-f65.google.com ([74.125.82.65]:38149 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755027AbeAOJoA (ORCPT ); Mon, 15 Jan 2018 04:44:00 -0500 Received: by mail-wm0-f65.google.com with SMTP id 141so526552wme.3; Mon, 15 Jan 2018 01:43:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=tk+FAggGbY6463uOKD2etYnm4QrNkZ+BEMMpWEKnwqM=; b=dkypoeXCbhQYkOt/nGw7PX+9AdnbHRh2MfAtmUeL8qQWwYdH2stqfMSRMLNkMwjaFP M2shtJdyEC4gI4Jd8UoPjNZWwIFHnbtReSOzjYmB/mGCzWUJWG1B2xsovRu0pitvSCis v6r8g6QrPxItmdTOBGMnbL83qmAbxDk9U5T3DNHGfPAl+AIlFGdkeu6uC1hEtyILuy+r yZoLqWR63EE083WayaTH/O1kEgVpSWT11SbQLUl6xb1066Psx6Md1wxSCU5CqyZejcS0 DOU4W1wVuiba4EvkGE0g10X5rv5/46oLO4o+Sc9HsPigE/+nEYeZIXfghHotWi6gtWA7 DDbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=tk+FAggGbY6463uOKD2etYnm4QrNkZ+BEMMpWEKnwqM=; b=XRgyT7qegr1ZflJnWUoit1QcsUF/ZTdhsS9kTNXTAfPt6DL6aUeVSloy/jiHC8xykq 0i9w8zoESgq7dYlMu0aFpPhgAtBWt6sbNFQL34lDmXkFYBY8zn37vECSRduK+FYBnBS6 9KVCyB8yYPNxbkAUaNdlBX85ef6SS6bbh3mLdF67cCWvxwF8isQpV/osLNMKZASrBvXj OvPE61sZSXD6pS7+Ls5iyfwa5cfQ4WwJkQFEhQwmuZLd7FQcug11zLekQpLnK/wS8jWu mwCr07ePBmrAEP5SZw0P8H8PAT1u2KetJEVfOCHq1u1PeVyLJXJHMqDTC2Kc21dmIv9M Q+sw== X-Gm-Message-State: AKwxyte2w/23cojUElhJLUDb0tK/TXT7kPnwNaX2kgxSHm4E5E9vhy9W weHLeyZH/BP60bbfstGxr96/R1IH X-Google-Smtp-Source: ACJfBosabJfEm36ZI9SVhgnI1Q793AUwiq49uMDZlrcREJGDn27mlp+a3YaxawSdJ3FREDdcpmuQSQ== X-Received: by 10.28.229.194 with SMTP id c185mr9501801wmh.45.1516009438713; Mon, 15 Jan 2018 01:43:58 -0800 (PST) Received: from sr6.gssi.infn.it (wifi-guest-target.gssi.infn.it. [192.135.27.147]) by smtp.gmail.com with ESMTPSA id c11sm20258989wrc.8.2018.01.15.01.43.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Jan 2018 01:43:58 -0800 (PST) From: Ahmed Abdelsalam To: pablo@netfilter.org, davem@davemloft.net Cc: fw@strlen.de, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Ahmed Abdelsalam Subject: [iptables 1/2] extensions: add support for 'SEG6' target Date: Fri, 12 Jan 2018 05:39:58 +0100 Message-Id: <1515731999-6381-1-git-send-email-amsalam20@gmail.com> X-Mailer: git-send-email 2.1.4 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch adds a new exetension to iptables to supprt IPv6 segment routing 'SEG6' target. Signed-off-by: Ahmed Abdelsalam --- extensions/libip6t_SEG6.c | 122 +++++++++++++++++++++++++++++++ include/linux/netfilter_ipv6/ip6t_SEG6.h | 17 +++++ 2 files changed, 139 insertions(+) create mode 100644 extensions/libip6t_SEG6.c create mode 100644 include/linux/netfilter_ipv6/ip6t_SEG6.h diff --git a/extensions/libip6t_SEG6.c b/extensions/libip6t_SEG6.c new file mode 100644 index 0000000..1a47160 --- /dev/null +++ b/extensions/libip6t_SEG6.c @@ -0,0 +1,122 @@ +/* + * Shared library add-on to iptables to add SEG6 target support + * + * Author: + * Ahmed Abdelsalam + */ + +#include +#include +#include +#include + +struct seg6_names { + const char *name; + enum ip6t_seg6_action action; + const char *desc; +}; + +enum { + O_SEG6_ACTION = 0, +}; + +static const struct seg6_names seg6_table[] = { + {"go-next", IP6T_SEG6_GO_NEXT, "SEG6 go next"}, + {"skip-next", IP6T_SEG6_SKIP_NEXT, "SEG6 skip next"}, + {"go-last", IP6T_SEG6_GO_LAST, "SEG6 go last"} +}; + +static void +print_seg6_action(void) +{ + unsigned int i; + + printf("Valid SEG6 action:\n"); + for (i = 0; i < ARRAY_SIZE(seg6_table); ++i) { + printf(" %-25s\t%s\n", seg6_table[i].name, + seg6_table[i].desc); + } + printf("\n"); +} + +static void SEG6_help(void) +{ + printf( +"SEG6 target options:\n" +"--seg6-action action perform statless action on SRv6 packets\n"); + + print_seg6_action(); +} + +static const struct xt_option_entry SEG6_opts[] = { + {.name = "seg6-action", .id = O_SEG6_ACTION, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, +}; + +static void SEG6_init(struct xt_entry_target *t) +{ + struct ip6t_seg6_info *seg6 = (struct ip6t_seg6_info *)t->data; + + /* default */ + seg6->action = IP6T_SEG6_GO_NEXT; +} + +static void SEG6_parse(struct xt_option_call *cb) +{ + struct ip6t_seg6_info *seg6 = cb->data; + unsigned int i; + + xtables_option_parse(cb); + for (i = 0; i < ARRAY_SIZE(seg6_table); ++i) + if (strncasecmp(seg6_table[i].name, cb->arg, + strlen(cb->arg)) == 0) { + seg6->action = seg6_table[i].action; + return; + } + xtables_error(PARAMETER_PROBLEM, "unknown seg6 action \"%s\"", cb->arg); +} + +static void SEG6_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct ip6t_seg6_info *seg6 + = (const struct ip6t_seg6_info *)target->data; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(seg6_table); ++i) + if (seg6_table[i].action == seg6->action) + break; + printf(" seg6-action %s", seg6_table[i].name); +} + +static void SEG6_save(const void *ip, const struct xt_entry_target *target) +{ + const struct ip6t_seg6_info *seg6 + = (const struct ip6t_seg6_info *)target->data; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(seg6_table); ++i) + if (seg6_table[i].action == seg6->action) + break; + + printf(" --seg6-action %s", seg6_table[i].name); +} + +static struct xtables_target seg6_tg6_reg = { + .name = "SEG6", + .version = XTABLES_VERSION, + .family = NFPROTO_IPV6, + .size = XT_ALIGN(sizeof(struct ip6t_seg6_info)), + .userspacesize = XT_ALIGN(sizeof(struct ip6t_seg6_info)), + .help = SEG6_help, + .init = SEG6_init, + .print = SEG6_print, + .save = SEG6_save, + .x6_parse = SEG6_parse, + .x6_options = SEG6_opts, +}; + +void _init(void) +{ + xtables_register_target(&seg6_tg6_reg); +} diff --git a/include/linux/netfilter_ipv6/ip6t_SEG6.h b/include/linux/netfilter_ipv6/ip6t_SEG6.h new file mode 100644 index 0000000..cdfdf4e --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_SEG6.h @@ -0,0 +1,17 @@ +#ifndef _IP6T_SEG6_H +#define _IP6T_SEG6_H + +#include + +/* seg6 action options */ +enum ip6t_seg6_action { + IP6T_SEG6_GO_NEXT, + IP6T_SEG6_SKIP_NEXT, + IP6T_SEG6_GO_LAST, +}; + +struct ip6t_seg6_info { + __u32 action; /* SEG6 action */ +}; + +#endif /*_IP6T_SEG6_H*/ From patchwork Fri Jan 12 04:39:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmed Abdelsalam X-Patchwork-Id: 860706 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="m6r8bKIe"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zKpNl1cQ3z9s9Y for ; Mon, 15 Jan 2018 20:44:55 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755321AbeAOJoh (ORCPT ); Mon, 15 Jan 2018 04:44:37 -0500 Received: from mail-wr0-f196.google.com ([209.85.128.196]:34335 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755084AbeAOJoC (ORCPT ); Mon, 15 Jan 2018 04:44:02 -0500 Received: by mail-wr0-f196.google.com with SMTP id 36so11025289wrh.1; Mon, 15 Jan 2018 01:44:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EmHLKKGRiJOjA2Vnon1v9QIhrP7BYZPxeWu/SvkRFwo=; b=m6r8bKIebx5B5+Zs7QaLBoyDZJLnG6djTgtZcxCP8SKQKCVZMQskH1MPNC/o1vxm18 pPcOKU1ADCA4V3mL+QWbi8jUPFNEC74tYJEVxRbxj680Ej3dFugWo7Zg/gzAG8fuIUcK 58gjdeLkvSZQpWP+2jHGaDLWmXBl+jlNMFLGf0HpwH31LB0qM6CDHN4T0Q8lK4bMZ+Cy WOn1daObtyy49qmwa0Kp2ET97Wm2bmrK/0Yb4wpwAygEJ6xu3J3uCBpDl9RYeL/Lg896 sKR4ErNm2mw0tkstKB+GmYZW5SxqOPF4WbWSLT5h3pJ8442FC3G35WAQc43V0RfgPKoy DkGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EmHLKKGRiJOjA2Vnon1v9QIhrP7BYZPxeWu/SvkRFwo=; b=nzoGWBaH8f84AuuETYgTNwqztHQpNw8J+zUJg/1W8xHsInLW2r4zi6PvXWSFn/eAE9 eZCgtTADYhdI2tB16Xr53Q0IMxwZ9CnO5Lbuiq4jUiNOMSNKmZzSvBq4XhzvSSoqxssm GvsQlP8FJ7A+RNq9WEhRdHUcrwDW/4TjMQNCpsy+Fr5KWJSaLaff2lwATeba3ks931vy tm8PpvyONCK5r9AvXcvICJKeQqUNfTy/jnzEtXtbFdzsTwHjYfiF1+h39pBsCILbWOg3 RoXV04olDJmm2TPB6Eh58xwERW5N4Ysp2Xvnmh1IyaQ4ogFEkCh1Vd+YhN+KrLwpddOg wVzQ== X-Gm-Message-State: AKwxytcFtsVjuQQzOOazzXhDdfAE15UbEaXDn7sgZg4HFNwW8cfcg9JO 6u2ujOnq4dY/IDIMM/g6w1A= X-Google-Smtp-Source: ACJfBotWSk6OlNJYBEsJfnGXtogwxjO7YasqaTyueHEWinhGDAovAlwjClV5uRlJsbawaSym+4Bpeg== X-Received: by 10.223.170.141 with SMTP id h13mr2134278wrc.170.1516009440860; Mon, 15 Jan 2018 01:44:00 -0800 (PST) Received: from sr6.gssi.infn.it (wifi-guest-target.gssi.infn.it. [192.135.27.147]) by smtp.gmail.com with ESMTPSA id c11sm20258989wrc.8.2018.01.15.01.43.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Jan 2018 01:44:00 -0800 (PST) From: Ahmed Abdelsalam To: pablo@netfilter.org, davem@davemloft.net Cc: fw@strlen.de, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Ahmed Abdelsalam Subject: [iptables 2/2] extensions: add some test cases for 'SEG6' target Date: Fri, 12 Jan 2018 05:39:59 +0100 Message-Id: <1515731999-6381-2-git-send-email-amsalam20@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1515731999-6381-1-git-send-email-amsalam20@gmail.com> References: <1515731999-6381-1-git-send-email-amsalam20@gmail.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch adds some test cases for 'SEG6' target. Signed-off-by: Ahmed Abdelsalam --- extensions/libip6t_SEG6.t | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 extensions/libip6t_SEG6.t diff --git a/extensions/libip6t_SEG6.t b/extensions/libip6t_SEG6.t new file mode 100644 index 0000000..8dc30cb --- /dev/null +++ b/extensions/libip6t_SEG6.t @@ -0,0 +1,5 @@ +:INPUT,FORWARD,OUTPUT +-j SEG6 --seg6-action go-next;=;OK +-j SEG6 --seg6-action skip-next;=;OK +-j SEG6 --seg6-action go-last;=;OK +-j SEG6;=;OK