Received: by 2002:a05:7412:7c14:b0:fa:6e18:a558 with SMTP id ii20csp404343rdb;
        Mon, 22 Jan 2024 07:46:46 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFk2gUyDIbmevbUZRU4dmC6G4sLoOcHCjOTkMvJ0ZeUYmnw1/NP/rtzGl9myTquzTooEx48
X-Received: by 2002:a17:90a:dc15:b0:28e:87a4:ebcc with SMTP id i21-20020a17090adc1500b0028e87a4ebccmr4647864pjv.4.1705938405691;
        Mon, 22 Jan 2024 07:46:45 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705938405; cv=pass;
        d=google.com; s=arc-20160816;
        b=vaujf7WfTQmKDYxqdvrawpHFLMeNv9EPh+SIJhQW6+1VlFsMJ5MQB6ZiFiKnwqPTEF
         01agqdoWvBSHE6lKKrMJfwg4vePKxPgwCiYL3+7WKJVvOB/X1AaRK9AdHsPJgAG0TbW3
         EkYXtObZCPQO/cuE1M2mcZcD9tbmraJrvR7cvAzhM7/k7NEvntzv05ASsfkckFOPS7ll
         el2BLkRsJo+1YlQpiHnBLJ46TAhMwQagcDbh/fJEpcJWhlr4Yiwz74y5D9KugYqmr8oQ
         sOV+8Wzq//0gVi8JOZxuIlqCw2OeiGOjii1rkEc/DNgWBhHnpRsbizG4Sa5PYUK38Lwt
         fY4w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:feedback-id:dkim-signature;
        bh=PotvrWwsMR7MuOH77N/IRKZsV4mkArNK04ios3YAzIE=;
        fh=hyIbCfwerJIK74evLmpbs6ybDVkHXLsgxS6HBBgK+n4=;
        b=GL2LsuEiCOZSyUKf7SyJOLf15mdpWBpfGjtI6sGu9MPNGGy3+qjw+LrVByX7EJIbFY
         aviO+hkbBx+X4iYlYu8PZ41OSBC+EmOWU/MpF2EbROh11mfIm21eo9u1+sz0ILwwMeM4
         OjGBknVdUI8SlfGLesErVU4BuZ4nXWbrfbxj8nXw4ReI80i096m+W9h9jXnJYjDDoSJs
         NK50p9Lvy7LO7Sts2fkJkaoLsISQ0Ljv9VQcOw6nKsUqTpQD9CXuUwe1T4lNtpHuGuYM
         TEGd4+xOtUlSFEA2em2sYJnsrq01QHGKy4rq2+3OyoFBHnSr4TrMlK39Sf+yzwGuTP7X
         ja5Q==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=hsFuu2b2;
       arc=pass (i=1 dkim=pass dkdomain=messagingengine.com);
       spf=pass (google.com: domain of linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id ci7-20020a17090afc8700b002900b3297dcsi6817349pjb.69.2024.01.22.07.46.45
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 22 Jan 2024 07:46:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=hsFuu2b2;
       arc=pass (i=1 dkim=pass dkdomain=messagingengine.com);
       spf=pass (google.com: domain of linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-32641-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id B64EE282EE9
	for <linux.lists.archive@gmail.com>; Mon, 22 Jan 2024 09:39:36 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 445D539FC9;
	Mon, 22 Jan 2024 09:39:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="hsFuu2b2"
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A6F8539FC5;
	Mon, 22 Jan 2024 09:39:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.111.4.28
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1705916363; cv=none; b=LrmuiegyY12ZTVyLgOH9KrSsxHZ2tE8U3gvwXt1My609km4ISZUune88rjeAKRuDFACC8X8/isYC5dxvBWhjFiXCrTfYO8lRskB6rf5mI2ov4UWN00J8qKJBKUdeEFTUDCqlzDLOtQxwGva7M9NeKjardEvBSyMAITCPYOWR2d4=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1705916363; c=relaxed/simple;
	bh=//UbHTP66T/3Bbp+ALZPOi1OABLSsOFzh5n/KVWypkE=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=IXlFxWA9NCpB6TMKDFhGNVxizFFW5uqTD/Vqi6vDtQjotOVU7oSWhV6sCwqxUPt3BpahoZeBDSm8XZz479kaGvhsUwZgnSEGr/Zwd8RqUQc70MZJxsTxGUksKOXWbtMhwNsB7rTLYEAZiOw4ysysMD+MBqxhgDZ27QltRRp/Fjc=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=idosch.org; spf=none smtp.mailfrom=idosch.org; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=hsFuu2b2; arc=none smtp.client-ip=66.111.4.28
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=idosch.org
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=idosch.org
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48])
	by mailout.nyi.internal (Postfix) with ESMTP id 85D785C00C4;
	Mon, 22 Jan 2024 04:39:20 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute7.internal (MEProxy); Mon, 22 Jan 2024 04:39:20 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm3; t=1705916360; x=1706002760; bh=PotvrWwsMR7MuOH77N/IRKZsV4mk
	ArNK04ios3YAzIE=; b=hsFuu2b2twCbknwE+EuDoJTW9qkJ2mGnsHoYDbZ8NLCc
	KiG9Ia2LrUf57XxrJycupOOrY1TX4jLx2XgtavqXsXr0xKTe2nJzENY5mFT1G2t/
	jXD4XSinaIQmBv+TQwVKQgrHKgF+osHgV+g/7oiPb2gPrLjFOL4UVbU3IBkkPWVU
	RO5Rv/vAp2EtOgrRXtUAqwjj8f/8/Lcuclim/hrUeIyYWIfr3xCj51cK5sA9kTi2
	9I8i0KUzdM2VxFT10OVrgPtC94KsGucrknT/arg1XrNjvmwtT+RlunaRH+WZ1kCd
	sB0qemqQQtIXbw5pxsvF/4dWp91/oZBiLcjmqaYgRA==
X-ME-Sender: <xms:yDeuZb6TPPVuOY5yfTIFF3yXTScpTerW5Bf8K5dXSwy5OM6nCrZiXQ>
    <xme:yDeuZQ64pRbjeNOmKtjSAi-9J25szfF4C9ppmCQwAvo_UcuCvo70i6mEE6kJZg0lK
    VcQff4rExP0osI>
X-ME-Received: <xmr:yDeuZSdKNFCe-1iSyVs1VM4Ckkr_AdTqLeV7eygihpOdkRgXRIzgERGNCQIB>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdekiedgtdehucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepfffhvfevuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepkfguohcu
    ufgthhhimhhmvghluceoihguohhstghhsehiughoshgthhdrohhrgheqnecuggftrfgrth
    htvghrnhepvddufeevkeehueegfedtvdevfefgudeifeduieefgfelkeehgeelgeejjeeg
    gefhnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepih
    guohhstghhsehiughoshgthhdrohhrgh
X-ME-Proxy: <xmx:yDeuZcIIupMje_iHZoxF1OdxwQ2zZW31ChpAcZ5atPYIm-UwYZvtHA>
    <xmx:yDeuZfLKL5WyuJkX-rkwz6vGtoQzugMiqlVMZ99rGSFjEvEExQ2XtA>
    <xmx:yDeuZVxxrelR5apV_1K4F8678Zp6Tss3QnIlZiRXj65wRt6gAq0wFg>
    <xmx:yDeuZcFQzG5cGj0Mp7cLyCABKiWM084MABd998OhUsRMK3JLFz5fFA>
Feedback-ID: i494840e7:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 22 Jan 2024 04:39:19 -0500 (EST)
Date: Mon, 22 Jan 2024 11:39:16 +0200
From: Ido Schimmel <idosch@idosch.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Thomas Lamprecht <t.lamprecht@proxmox.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: vxlan: how to expose opt-in RFC conformity with unprocessed
 header flags
Message-ID: <Za43xKoWDtL6MxCn@shredder>
References: <db8b9e19-ad75-44d3-bfb2-46590d426ff5@proxmox.com>
 <20240116082357.22daf549@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240116082357.22daf549@kernel.org>

On Tue, Jan 16, 2024 at 08:23:57AM -0800, Jakub Kicinski wrote:
> On Fri, 12 Jan 2024 16:13:22 +0100 Thomas Lamprecht wrote:
> > What would be the accepted way to add a switch of making this RFC conform in
> > an opt-in way? A module parameter? A sysfs entry? Through netlink?
> 
> Thru netlink. 

+1 

> My intuition would be to try to add a "ignore bits" mask, rather than
> "RFC compliance knob" because RFCs may have shorter lifespan than
> kernel's uAPI guarantees..

Newer Spectrum chips have a 64 bit mask that covers the entire VXLAN
header. If a bit is set in the mask and the corresponding bit in the
VXLAN header is not zero, the packet is dropped / trapped.

Another option, assuming the interface that receives the encapsulated
packets is known, is to clear the reserved bits in the VXLAN header
using pedit. This seems to work:

tc -n ns2 qdisc add dev veth1 clsact
tc -n ns2 filter add dev veth1 ingress pref 1 proto ip flower ip_proto udp \
        dst_port 4789 \
        action pedit munge offset 28 u8 set 0x08

Tested by setting the reserved bits on the other side and making sure
ping works:

tc -n ns1 qdisc add dev veth0 clsact
tc -n ns1 filter add dev veth0 egress pref 1 proto ip flower ip_proto udp \
        dst_port 4789 \
        action pedit munge offset 28 u8 set 0xff

The advantage is that no kernel changes are required whereas the netlink
solution will have to be maintained forever, even after the other side
is fixed.