Received: by 2002:a05:6358:f14:b0:e5:3b68:ec04 with SMTP id b20csp2960790rwj; Mon, 19 Dec 2022 11:00:29 -0800 (PST) X-Google-Smtp-Source: AA0mqf6g6COgnMS0UonZhhhvWi05UHwwWhmZrzh1M3gFUwfli83diPwoXaYWPMRoWcsD6B461wr7 X-Received: by 2002:a17:907:20b3:b0:7c1:51ee:a2ec with SMTP id pw19-20020a17090720b300b007c151eea2ecmr29628758ejb.46.1671476428821; Mon, 19 Dec 2022 11:00:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671476428; cv=none; d=google.com; s=arc-20160816; b=BltjUpE2E24yC+9U+ZEt1/jIwY2/DM2knEwgNmuejVozhEAP6YhldVlyWSTRcIOqXC 4nK6iLn6J8ms0iBDnn+xsLWrI8gu03QF7h9h5JRQ4viyUQDnVkcUnj25ngT4ijEulBTD bseLCKphKqS67ZMikCCc8zX4j6lVV69+ihghIpZmAEPVK0dY1hj5gmw8oeBfKo/o5d+F lksp7Rvk+1+o0huI5+ocrWUpP/uRzGcL/K1DYPvO8tJOahdg31mZeNewH7Jdsn2+HRic p2BvlyfCH/1I01gr4+bUBI2wFGCZKxcEGc8Nua2j48e1BNvg8T5nZK7EtLbKB7ezbbG2 nbXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=SNYwUfFTuoAl5hIOKZfjRFYuwooe+ZnU5TXmMtVw1Vw=; b=ifl0rbCs7tVah0qQ9VFMtpyqMuaci9ZD1JegXyQyKQ/70CfVp1M1iPLtQV1Ouk+D3/ qJjBkLhoyLE7/e5EA1WhFWYGuIPmpGH0+GDC+8DOC7XviIG7gF8qsBOIXklJT2ugPXGP 2CDxLoAkiCIoR+bzxO+NPkrqVnPV53ep19ZL/uV89PluBHuSZdN0zGMg8BOP5HpfuGZb dc5jR442LRN+byW2A54C+OZ5iG+OJTb138vOcloilkgLUj5Ihoo5PT4ANJq+4k0RF9NV fD+Vitci83tMXxWHP8Cw0ndBtO9xVFJVRnFNKZfNVLfywlmXOmy0YujIfWu5pahrPDsP Z6bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=PCE1gF+1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sg8-20020a170907a40800b0081a9c3ca498si4214585ejc.314.2022.12.19.11.00.12; Mon, 19 Dec 2022 11:00:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=PCE1gF+1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232425AbiLSSln (ORCPT + 70 others); Mon, 19 Dec 2022 13:41:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54206 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231344AbiLSSlj (ORCPT ); Mon, 19 Dec 2022 13:41:39 -0500 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D36CF65DA for ; Mon, 19 Dec 2022 10:41:38 -0800 (PST) Received: by mail-pg1-x54a.google.com with SMTP id i19-20020a63e913000000b004705d1506a6so5974015pgh.13 for ; Mon, 19 Dec 2022 10:41:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SNYwUfFTuoAl5hIOKZfjRFYuwooe+ZnU5TXmMtVw1Vw=; b=PCE1gF+1xjOltBu41UU9JPCPlViAY0cp05OJvxQyQmPrpc7dNlHqmkq7q85iScUgvx 59kbvpZ4IjfRtmma8ODffuMTsAdjF6mc9FKVnFuKmw3rIELY0aR224rULoZiXejfOyPf FqKdlLrrnzQ6/TCerumh1X/uvJfXZqds67yZn+AFQJl4989wHnRjAT2AzwxFsBTJNKfx cL6dAu+m1G6g1ck0y4oLro0/8KGrxIl8w+FuqOar5e0t0qvTFZly6zsHf3kBOU8TZs8R LLRlKdcxr8DoXqpBUn8ZIP3Srjfi+Eo3QZ34EJGob+nKn5A2MI7/q1aI8OxYh9LPoYPL oMfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SNYwUfFTuoAl5hIOKZfjRFYuwooe+ZnU5TXmMtVw1Vw=; b=M3ZAjRvvb9b0frF5vZ7k7m0eYnkrArfC6LHXP1ZRRYk3mtdgIE44gl8in8e/TBo/7N u0sVpzVWgJ7sx5krYYws4GKCSXQNJcKJBjM3gpj6pd2tYyZk68zYkRZ4WBzJuXdZCPfE bTvdtrBw9Xp7O9O7cYuHW6QjQAsPna9oQUJrk4merGkr0g3xLTBqeXegGiZRPxAITrfE jCkvMPVBT3N5e0QqWMWMb/RcrqklIQ3TEW5jZ/7je7UQIe5bnZSRitylUHvqOdXP4Pqb bxI4ZsW+PYd0nlKukPIRDBLsKaG5znmuv3xbiNzGjl5k0dMISTZvdsjyUrN4+A0ov54Z yvxQ== X-Gm-Message-State: ANoB5pnh/bPPvnuwTlaM2oNw1f3g8sJRPiczqs/9OuLW+2YEyzYfqvlO VMGiXKBYvoGKCKM4RG2Pc+eaPKg= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a17:902:74c3:b0:189:71ff:cfb5 with SMTP id f3-20020a17090274c300b0018971ffcfb5mr60929233plt.7.1671475298158; Mon, 19 Dec 2022 10:41:38 -0800 (PST) Date: Mon, 19 Dec 2022 10:41:36 -0800 In-Reply-To: <20221218051734.31411-1-cehrig@cloudflare.com> Mime-Version: 1.0 References: <20221218051734.31411-1-cehrig@cloudflare.com> Message-ID: Subject: Re: [PATCH bpf-next 1/2] bpf: Add flag BPF_F_NO_TUNNEL_KEY to bpf_skb_set_tunnel_key() From: sdf@google.com To: Christian Ehrig Cc: bpf@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Mykola Lysenko , Shuah Khan , Joanne Koong , Kui-Feng Lee , Maxim Mikityanskiy , Kaixi Fan , Shmulik Ladkani , Paul Chaignon , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/18, Christian Ehrig wrote: > This patch allows to remove TUNNEL_KEY from the tunnel flags bitmap > when using bpf_skb_set_tunnel_key by providing a BPF_F_NO_TUNNEL_KEY > flag. On egress, the resulting tunnel header will not contain a tunnel > key if the protocol and implementation supports it. > At the moment bpf_tunnel_key wants a user to specify a numeric tunnel > key. This will wrap the inner packet into a tunnel header with the key > bit and value set accordingly. This is problematic when using a tunnel > protocol that supports optional tunnel keys and a receiving tunnel > device that is not expecting packets with the key bit set. The receiver > won't decapsulate and drop the packet. > RFC 2890 and RFC 2784 GRE tunnels are examples where this flag is > useful. It allows for generating packets, that can be decapsulated by > a GRE tunnel device not operating in collect metadata mode or not > expecting the key bit set. > Signed-off-by: Christian Ehrig Acked-by: Stanislav Fomichev > --- > include/uapi/linux/bpf.h | 4 ++++ > net/core/filter.c | 5 ++++- > tools/include/uapi/linux/bpf.h | 4 ++++ > 3 files changed, 12 insertions(+), 1 deletion(-) > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index 464ca3f01fe7..bc1a3d232ae4 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -2001,6 +2001,9 @@ union bpf_attr { > * sending the packet. This flag was added for GRE > * encapsulation, but might be used with other protocols > * as well in the future. > + * **BPF_F_NO_TUNNEL_KEY** > + * Add a flag to tunnel metadata indicating that no tunnel > + * key should be set in the resulting tunnel header. > * > * Here is a typical usage on the transmit path: > * > @@ -5764,6 +5767,7 @@ enum { > BPF_F_ZERO_CSUM_TX = (1ULL << 1), > BPF_F_DONT_FRAGMENT = (1ULL << 2), > BPF_F_SEQ_NUMBER = (1ULL << 3), > + BPF_F_NO_TUNNEL_KEY = (1ULL << 4), > }; > /* BPF_FUNC_skb_get_tunnel_key flags. */ > diff --git a/net/core/filter.c b/net/core/filter.c > index 929358677183..c746e4d77214 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -4615,7 +4615,8 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff > *, skb, > struct ip_tunnel_info *info; > if (unlikely(flags & ~(BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX | > - BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER))) > + BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER | > + BPF_F_NO_TUNNEL_KEY))) > return -EINVAL; > if (unlikely(size != sizeof(struct bpf_tunnel_key))) { > switch (size) { > @@ -4653,6 +4654,8 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff > *, skb, > info->key.tun_flags &= ~TUNNEL_CSUM; > if (flags & BPF_F_SEQ_NUMBER) > info->key.tun_flags |= TUNNEL_SEQ; > + if (flags & BPF_F_NO_TUNNEL_KEY) > + info->key.tun_flags &= ~TUNNEL_KEY; > info->key.tun_id = cpu_to_be64(from->tunnel_id); > info->key.tos = from->tunnel_tos; > diff --git a/tools/include/uapi/linux/bpf.h > b/tools/include/uapi/linux/bpf.h > index 464ca3f01fe7..bc1a3d232ae4 100644 > --- a/tools/include/uapi/linux/bpf.h > +++ b/tools/include/uapi/linux/bpf.h > @@ -2001,6 +2001,9 @@ union bpf_attr { > * sending the packet. This flag was added for GRE > * encapsulation, but might be used with other protocols > * as well in the future. > + * **BPF_F_NO_TUNNEL_KEY** > + * Add a flag to tunnel metadata indicating that no tunnel > + * key should be set in the resulting tunnel header. > * > * Here is a typical usage on the transmit path: > * > @@ -5764,6 +5767,7 @@ enum { > BPF_F_ZERO_CSUM_TX = (1ULL << 1), > BPF_F_DONT_FRAGMENT = (1ULL << 2), > BPF_F_SEQ_NUMBER = (1ULL << 3), > + BPF_F_NO_TUNNEL_KEY = (1ULL << 4), > }; > /* BPF_FUNC_skb_get_tunnel_key flags. */ > -- > 2.37.4