Date: Mon, 22 Jan 2024 11:39:16 +0200
From: Ido Schimmel
To: Jakub Kicinski
Cc: Thomas Lamprecht, "David S. Miller", Eric Dumazet, Paolo Abeni, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: vxlan: how to expose opt-in RFC conformity with unprocessed header flags
In-Reply-To: <20240116082357.22daf549@kernel.org>

On Tue, Jan 16, 2024 at 08:23:57AM -0800, Jakub Kicinski wrote:
> On Fri, 12 Jan 2024 16:13:22 +0100 Thomas Lamprecht wrote:
> > What would be the accepted way to add a switch of making this RFC conform in
> > an opt-in way? A module parameter? A sysfs entry? Through netlink?
>
> Thru netlink.

+1

> My intuition would be to try to add a "ignore bits" mask, rather than
> "RFC compliance knob" because RFCs may have shorter lifespan than
> kernel's uAPI guarantees..

Newer Spectrum chips have a 64 bit mask that covers the entire VXLAN
header. If a bit is set in the mask and the corresponding bit in the
VXLAN header is not zero, the packet is dropped / trapped.

Another option, assuming the interface that receives the encapsulated
packets is known, is to clear the reserved bits in the VXLAN header
using pedit. This seems to work:

    tc -n ns2 qdisc add dev veth1 clsact
    tc -n ns2 filter add dev veth1 ingress pref 1 proto ip flower ip_proto udp \
        dst_port 4789 \
        action pedit munge offset 28 u8 set 0x08

Tested by setting the reserved bits on the other side and making sure
ping works:

    tc -n ns1 qdisc add dev veth0 clsact
    tc -n ns1 filter add dev veth0 egress pref 1 proto ip flower ip_proto udp \
        dst_port 4789 \
        action pedit munge offset 28 u8 set 0xff

The advantage is that no kernel changes are required whereas the netlink
solution will have to be maintained forever, even after the other side
is fixed.
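
Added example, not part of the original message and not kernel or driver code: a C sketch of the two mechanisms described above, the drop-on-masked-bit check over the 8-byte VXLAN header and the effect of the pedit rule at offset 28. The mask value VXLAN_RSVD_MASK (the bits RFC 7348 marks reserved), the function names and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed strict mask: every RFC 7348 reserved bit (all but the I flag 0x08 and the VNI). */
#define VXLAN_RSVD_MASK 0xF7FFFFFF000000FFull

/* Mask semantics from the message: drop when any masked header bit is non-zero. */
int vxlan_mask_drop(const uint8_t *vx, uint64_t mask)
{
    uint64_t w = 0;
    for (int i = 0; i < 8; i++)          /* load the header as one big-endian word */
        w = (w << 8) | vx[i];
    return (w & mask) != 0;
}

/* Offset of the VXLAN header from the start of the IPv4 header: IHL * 4 + 8-byte UDP. */
size_t vxlan_offset(const uint8_t *ip)
{
    return (size_t)(ip[0] & 0x0f) * 4 + 8;
}

/* Effect of "pedit munge offset 28 u8 set 0x08": one byte is overwritten. */
void pedit_set_flags(uint8_t *ip, size_t len)
{
    if (len > 28)
        ip[28] = 0x08;
}

/* Constructed sample: IPv4 (no options) + UDP to port 4789 + VXLAN header, VNI 100. */
void sample_packet(uint8_t pkt[36], uint8_t flags)
{
    memset(pkt, 0, 36);
    pkt[0] = 0x45;                       /* version 4, IHL 5 */
    pkt[9] = 17;                         /* protocol UDP */
    pkt[22] = 0x12; pkt[23] = 0xb5;      /* destination port 4789 */
    pkt[28] = flags;                     /* VXLAN flags byte */
    pkt[34] = 100;                       /* low byte of the 24-bit VNI */
}

int main(void)
{
    uint8_t pkt[36];
    sample_packet(pkt, 0xff);            /* sender sets all bits of the flags byte */
    printf("offset=%zu drop_before=%d\n", vxlan_offset(pkt),
           vxlan_mask_drop(pkt + 28, VXLAN_RSVD_MASK));
    pedit_set_flags(pkt, sizeof(pkt));
    printf("drop_after=%d\n", vxlan_mask_drop(pkt + 28, VXLAN_RSVD_MASK));
    return 0;
}
```

The fixed offset 28 lines up with the VXLAN flags byte only for an IPv4 header without options, and the rule rewrites that one byte, so reserved bits in the other header bytes still trip a full-header mask.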