From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH nf-next 0/7] netfilter: nft_tunnel: reinforce key opts support
Date: Sun,  8 Dec 2019 12:41:30 +0800
Message-ID: <cover.1575779993.git.lucien.xin@gmail.com>

This patchset improves quite a few places to make vxlan/erspan
opts in nft_tunnel work with userspace nftables/libnftnl, and
also keeps it consistent with the support for vxlan/erspan opts in
act_tunnel_key, cls_flower and ip_tunnel_core.

Meanwhile, add support for geneve opts in nft_tunnel. One patch
for nftables and one for libnftnl will be posted here for
testing. With them, nft_tunnel can be set and used by:

  # nft add table ip filter
  # nft add chain ip filter input { type filter hook input priority 0 \; }
  # nft add tunnel filter vxlan_01 { type vxlan\; id 2\; \
    ip saddr 192.168.1.1\; ip daddr 192.168.1.2\; \
    sport 9000\; dport 9001\; dscp 1234\; ttl 64\; flags 1\; \
    opts \"ffff\"\; }
  # nft add tunnel filter erspan_01 { type erspan\; id 2\; \
    ip saddr 192.168.1.1\; ip daddr 192.168.1.2\; \
    sport 9000\; dport 9001\; dscp 1234\; ttl 64\; flags 1\; \
    opts \"1:1:0:0\"\; }
  # nft add tunnel filter erspan_02 { type erspan\; id 2\; \
    ip saddr 192.168.1.1\; ip daddr 192.168.1.2\; \
    sport 9000\; dport 9001\; dscp 1234\; ttl 64\; flags 1\; \
    opts \"2:0:1:1\"\; }
  # nft add tunnel filter geneve_01 { type geneve\; id 2\; \
    ip saddr 192.168.1.1\; ip daddr 192.168.1.2\; \
    sport 9000\; dport 9001\; dscp 1234\; ttl 64\; flags 1\; \
    opts \"1:1:1212121234567890\"\; }
  # nft add tunnel filter geneve_02 { type geneve\; id 2\; \
    ip saddr 192.168.1.1\; ip daddr 192.168.1.2\; \
    sport 9000\; dport 9001\; dscp 1234\; ttl 64\; flags 1\; \
    opts \"1:1:34567890,2:2:12121212,3:3:1212121234567890\"\; }
  # nft list tunnels table filter
  # nft add rule filter input ip protocol udp tunnel name geneve_02
  # nft add rule filter input meta l4proto udp tunnel id 2 drop
  # nft add rule filter input meta l4proto udp tunnel path 0 drop
  # nft list chain filter input -a

Xin Long (7):
  netfilter: nft_tunnel: parse ERSPAN_VERSION attr as u8
  netfilter: nft_tunnel: parse VXLAN_GBP attr as u32 in nft_tunnel
  netfilter: nft_tunnel: no need to call htons() when dumping ports
  netfilter: nft_tunnel: also dump ERSPAN_VERSION
  netfilter: nft_tunnel: also dump OPTS_ERSPAN/VXLAN
  netfilter: nft_tunnel: add the missing nla_nest_cancel()
  netfilter: nft_tunnel: add support for geneve opts

 include/uapi/linux/netfilter/nf_tables.h |  10 ++
 net/netfilter/nft_tunnel.c               | 170 +++++++++++++++++++++++++------
 2 files changed, 151 insertions(+), 29 deletions(-)

-- 
2.1.0


Thread overview: 26+ messages
2019-12-08  4:41 Xin Long [this message]
2019-12-08  4:41 ` [PATCH nf-next 1/7] netfilter: nft_tunnel: parse ERSPAN_VERSION attr as u8 Xin Long
2019-12-09 20:03   ` Simon Horman
2019-12-10  4:05     ` Xin Long
2019-12-13  9:30       ` Simon Horman
2019-12-17 21:39         ` Pablo Neira Ayuso
2019-12-11 21:51   ` Pablo Neira Ayuso
2019-12-12  3:20     ` Xin Long
2019-12-12 12:33       ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 2/7] netfilter: nft_tunnel: parse VXLAN_GBP attr as u32 in nft_tunnel Xin Long
2019-12-11 21:52   ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 3/7] netfilter: nft_tunnel: no need to call htons() when dumping ports Xin Long
2019-12-11 21:53   ` Pablo Neira Ayuso
2019-12-11 22:06     ` Pablo Neira Ayuso
2019-12-11 22:06       ` Pablo Neira Ayuso
2019-12-11 21:57   ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 4/7] netfilter: nft_tunnel: also dump ERSPAN_VERSION Xin Long
2019-12-11 21:53   ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 5/7] netfilter: nft_tunnel: also dump OPTS_ERSPAN/VXLAN Xin Long
2019-12-11 21:55   ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 6/7] netfilter: nft_tunnel: add the missing nla_nest_cancel() Xin Long
2019-12-11 21:55   ` Pablo Neira Ayuso
2019-12-08  4:41 ` [PATCH nf-next 7/7] netfilter: nft_tunnel: add support for geneve opts Xin Long
2019-12-08  4:51 ` [PATCH nf-next 0/7] netfilter: nft_tunnel: reinforce key opts support Xin Long
2019-12-12  3:02 ` Xin Long
2019-12-12 12:39   ` Pablo Neira Ayuso
