From: Petr Machata <petrm@nvidia.com>
Date: Mon, 20 Jan 2025 15:43:06 +0000 (+0100)
Subject: ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS
X-Git-Tag: v6.14.0~8^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1db4f568789b57a5fd0a66679787d33fca986ab2;p=thirdparty%2Fiproute2.git

ip: vxlan: Support IFLA_VXLAN_RESERVED_BITS

A new attribute, IFLA_VXLAN_RESERVED_BITS, was added in Linux kernel
commit 6c11379b104e ("vxlan: Add an attribute to make VXLAN header
validation configurable") (See the link below for the full patchset).

The payload is a 64-bit binary field that covers the VXLAN header. The set
bits indicate which bits in a VXLAN packet header should be allowed to
carry 1's. Support the new attribute through a CLI keyword "reserved_bits".

Link: https://patch.msgid.link/173378643250.273075.13832548579412179113.git-patchwork-notify@kernel.org
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
---

diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index 7781d60b..9649a8eb 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -52,6 +52,7 @@ static void print_explain(FILE *f)
 		"		[ dev PHYS_DEV ]\n"
 		"		[ dstport PORT ]\n"
 		"		[ srcport MIN MAX ]\n"
+		"		[ reserved_bits VALUE ]\n"
 		"		[ [no]learning ]\n"
 		"		[ [no]proxy ]\n"
 		"		[ [no]rsc ]\n"
@@ -337,6 +338,17 @@ static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
 			check_duparg(&attrs, IFLA_VXLAN_LOCALBYPASS,
 				     *argv, *argv);
 			addattr8(n, 1024, IFLA_VXLAN_LOCALBYPASS, 0);
+		} else if (strcmp(*argv, "reserved_bits") == 0) {
+			NEXT_ARG();
+			__be64 bits;
+
+			check_duparg(&attrs, IFLA_VXLAN_RESERVED_BITS,
+				     *argv, *argv);
+			if (get_be64(&bits, *argv, 0))
+				invarg("reserved_bits", *argv);
+			addattr_l(n, 1024, IFLA_VXLAN_RESERVED_BITS,
+				  &bits, sizeof(bits));
+
 		} else if (!matches(*argv, "external")) {
 			check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
 				     *argv, *argv);
@@ -601,6 +613,14 @@ static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 	    ((maxaddr = rta_getattr_u32(tb[IFLA_VXLAN_LIMIT])) != 0))
 		print_uint(PRINT_ANY, "limit", "maxaddr %u ", maxaddr);
 
+	if (tb[IFLA_VXLAN_RESERVED_BITS]) {
+		__be64 reserved_bits =
+			rta_getattr_u64(tb[IFLA_VXLAN_RESERVED_BITS]);
+
+		print_0xhex(PRINT_ANY, "reserved_bits",
+			    "reserved_bits %#llx ", ntohll(reserved_bits));
+	}
+
 	if (tb[IFLA_VXLAN_GBP])
 		print_null(PRINT_ANY, "gbp", "gbp ", NULL);
 	if (tb[IFLA_VXLAN_GPE])
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 64b5ba21..d0f30556 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -632,6 +632,8 @@ the following additional arguments are supported:
 ] [
 .BI srcport " MIN MAX "
 ] [
+.BI reserved_bits " VALUE "
+] [
 .RB [ no ] learning
 ] [
 .RB [ no ] proxy
@@ -725,6 +727,13 @@ bit is not set.
 - specifies the range of port numbers to use as UDP
 source ports to communicate to the remote VXLAN tunnel endpoint.
 
+.sp
+.BI reserved_bits " VALUE "
+- by default the kernel rejects packets that have bits set outside of the fields
+required by the features enabled on the VXLAN netdevice. \fBreserved_bits\fR is
+a 64-bit quantity specifying which bits it should be possible to set in a VXLAN
+header. Each bit set in the value is a tolerated bit set in a packet.
+
 .sp
 .RB [ no ] learning
 - specifies if unknown source link layer addresses and IP addresses