From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Neil Horman <nhorman@tuxdriver.com>,
David Ahern <dsahern@gmail.com>,
Carlo Carraro <colrack@gmail.com>
Subject: [PATCHv2 net-next 0/7] sctp: support vrf processing
Date: Wed, 16 Nov 2022 15:01:15 -0500 [thread overview]
Message-ID: <cover.1668628394.git.lucien.xin@gmail.com> (raw)
This patchset adds the VRF processing in SCTP. Simliar to TCP/UDP,
it includes socket bind and socket/association lookup changes.
For socket bind change, it allows sockets to bind to a VRF device
and allows multiple sockets with the same IP and PORT to bind to
different interfaces in patch 1-3.
For socket/association lookup change, it adds dif and sdif check
in both asoc and ep lookup in patch 4 and 5, and when binding to
nodev, users can decide if accept the packets received from one
l3mdev by setup a sysctl option in patch 6.
Note with VRF support, in a netns, an association will be decided
by src ip + src port + dst ip + dst port + bound_dev_if, and it's
possible for ss to have:
# ss --sctp -n
State Local Address:Port Peer Address:Port
ESTAB 192.168.1.2%vrf-s1:1234
`- ESTAB 192.168.1.2%veth1:1234 192.168.1.1:1234
ESTAB 192.168.1.2%vrf-s2:1234
`- ESTAB 192.168.1.2%veth2:1234 192.168.1.1:1234
See the selftest in patch 7 for more usage.
Also, thanks Carlo for testing this patch series on their use.
v1->v2:
- In Patch 5, move sctp_sk_bound_dev_eq() definition to net/sctp/
input.c to avoid a build error when IP_SCTP is disabled, as Paolo
suggested.
- In Patch 7, avoid one sleep by disabling the IPv6 dad, and remove
another sleep by using ss to check if the server's ready, and also
delete two unncessary sleeps in sctp_hello.c, as Paolo suggested.
Xin Long (7):
sctp: verify the bind address with the tb_id from l3mdev
sctp: check ipv6 addr with sk_bound_dev if set
sctp: check sk_bound_dev_if when matching ep in get_port
sctp: add skb_sdif in struct sctp_af
sctp: add dif and sdif check in asoc and ep lookup
sctp: add sysctl net.sctp.l3mdev_accept
selftests: add a selftest for sctp vrf
Documentation/networking/ip-sysctl.rst | 9 ++
include/net/netns/sctp.h | 4 +
include/net/sctp/sctp.h | 6 +-
include/net/sctp/structs.h | 9 +-
net/sctp/diag.c | 3 +-
net/sctp/endpointola.c | 13 +-
net/sctp/input.c | 108 +++++++-------
net/sctp/ipv6.c | 22 ++-
net/sctp/protocol.c | 19 ++-
net/sctp/socket.c | 9 +-
net/sctp/sysctl.c | 11 ++
tools/testing/selftests/net/Makefile | 2 +
tools/testing/selftests/net/sctp_hello.c | 137 +++++++++++++++++
tools/testing/selftests/net/sctp_vrf.sh | 178 +++++++++++++++++++++++
14 files changed, 461 insertions(+), 69 deletions(-)
create mode 100644 tools/testing/selftests/net/sctp_hello.c
create mode 100755 tools/testing/selftests/net/sctp_vrf.sh
--
2.31.1
next reply other threads:[~2022-11-16 20:01 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 20:01 Xin Long [this message]
2022-11-16 20:01 ` [PATCHv2 net-next 1/7] sctp: verify the bind address with the tb_id from l3mdev Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 2/7] sctp: check ipv6 addr with sk_bound_dev if set Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 3/7] sctp: check sk_bound_dev_if when matching ep in get_port Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 4/7] sctp: add skb_sdif in struct sctp_af Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 5/7] sctp: add dif and sdif check in asoc and ep lookup Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 6/7] sctp: add sysctl net.sctp.l3mdev_accept Xin Long
2022-11-16 20:01 ` [PATCHv2 net-next 7/7] selftests: add a selftest for sctp vrf Xin Long
2022-11-18 12:00 ` [PATCHv2 net-next 0/7] sctp: support vrf processing patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1668628394.git.lucien.xin@gmail.com \
--to=lucien.xin@gmail.com \
--cc=colrack@gmail.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).