ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS

A new attribute, IFLA_VXLAN_RESERVED_BITS, was added in Linux kernel
commit 6c11379b104e ("vxlan: Add an attribute to make VXLAN header
validation configurable") (See the link below for the full patchset).

The payload is a 64-bit binary field that covers the VXLAN header. The set
bits indicate which bits in a VXLAN packet header should be allowed to
carry 1's. Support the new attribute through a CLI keyword "reserved_bits".

Link: https://patch.msgid.link/173378643250.273075.13832548579412179113.git-patchwork-notify@kernel.org
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>

diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index 7781d60bbb52fd4473ee89175bae0769af3c0bcb..9649a8eb6166e59b32f8229707a0f040ad6a13a7 100644 (file)
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -52,6 +52,7 @@ static void print_explain(FILE *f)
                "               [ dev PHYS_DEV ]\n"
                "               [ dstport PORT ]\n"
                "               [ srcport MIN MAX ]\n"
+               "               [ reserved_bits VALUE ]\n"
                "               [ [no]learning ]\n"
                "               [ [no]proxy ]\n"
                "               [ [no]rsc ]\n"
@@ -337,6 +338,17 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
                        check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS,
                                     *argv, *argv);
                        addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
+               } else if (strcmp(*argv, "reserved_bits") == 0) {
+                       NEXT_ARG();
+                       __be64 bits;
+
+                       check_duparg(&attrs, IFLA_VXLAN_RESERVED_BITS,
+                                    *argv, *argv);
+                       if (get_be64(&bits, *argv, 0))
+                               invarg("reserved_bits", *argv);
+                       addattr_l(n, 1024, IFLA_VXLAN_RESERVED_BITS,
+                                 &bits, sizeof(bits));
+
                } else if (!matches(*argv, "external")) {
                        check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
                                     *argv, *argv);
@@ -601,6 +613,14 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
            ((maxaddr = rta_getattr_u32(tb[IFLA_VXLAN_LIMIT])) != 0))
                print_uint(PRINT_ANY, "limit", "maxaddr %u ", maxaddr);
 
+       if (tb[IFLA_VXLAN_RESERVED_BITS]) {
+               __be64 reserved_bits =
+                       rta_getattr_u64(tb[IFLA_VXLAN_RESERVED_BITS]);
+
+               print_0xhex(PRINT_ANY, "reserved_bits",
+                           "reserved_bits %#llx ", ntohll(reserved_bits));
+       }
+
        if (tb[IFLA_VXLAN_GBP])
                print_null(PRINT_ANY, "gbp", "gbp ", NULL);
        if (tb[IFLA_VXLAN_GPE])

diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 64b5ba21c222e12b9b0f6e087f85bddf7e374a4b..d0f3055685b9848fc3b89d010661eda961cf9d80 100644 (file)
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -632,6 +632,8 @@ the following additional arguments are supported:
 ] [
 .BI srcport " MIN MAX "
 ] [
+.BI reserved_bits " VALUE "
+] [
 .RB [ no ] learning
 ] [
 .RB [ no ] proxy
@@ -725,6 +727,13 @@ bit is not set.
 - specifies the range of port numbers to use as UDP
 source ports to communicate to the remote VXLAN tunnel endpoint.
 
+.sp
+.BI reserved_bits " VALUE "
+- by default the kernel rejects packets that have bits set outside of the fields
+required by the features enabled on the VXLAN netdevice. \fBreserved_bits\fR is
+a 64-bit quantity specifying which bits it should be possible to set in a VXLAN
+header. Each bit set in the value is a tolerated bit set in a packet.
+
 .sp
 .RB [ no ] learning
 - specifies if unknown source link layer addresses and IP addresses