Commit 7b8135f4 authored by Roopa Prabhu's avatar Roopa Prabhu Committed by David S. Miller

rtnetlink: add new rtm tunnel api for tunnel id filtering



This patch adds new rtm tunnel msg and api for tunnel id
filtering in dst_metadata devices. First dst_metadata
device to use the api is vxlan driver with AF_BRIDGE
family.

This and later changes add ability in vxlan driver to do
tunnel id filtering (or vni filtering) on dst_metadata
devices. This is similar to vlan api in the vlan filtering bridge.

This patch includes SELinux nlmsg_route_perms support for the RTM_*TUNNEL
api from Benjamin Poirier.

Signed-off-by: default avatarRoopa Prabhu <roopa@nvidia.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent efe0f94b
+26 −0
@@ -713,7 +713,32 @@ enum ipvlan_mode {
#define IPVLAN_F_PRIVATE	0x01
#define IPVLAN_F_VEPA		0x02

/* Tunnel RTM header */
struct tunnel_msg {
	__u8 family;
	__u8 reserved1;
	__u16 reserved2;
	__u32 ifindex;
};

/* VXLAN section */
enum {
	VXLAN_VNIFILTER_ENTRY_UNSPEC,
	VXLAN_VNIFILTER_ENTRY_START,
	VXLAN_VNIFILTER_ENTRY_END,
	VXLAN_VNIFILTER_ENTRY_GROUP,
	VXLAN_VNIFILTER_ENTRY_GROUP6,
	__VXLAN_VNIFILTER_ENTRY_MAX
};
#define VXLAN_VNIFILTER_ENTRY_MAX	(__VXLAN_VNIFILTER_ENTRY_MAX - 1)

enum {
	VXLAN_VNIFILTER_UNSPEC,
	VXLAN_VNIFILTER_ENTRY,
	__VXLAN_VNIFILTER_MAX
};
#define VXLAN_VNIFILTER_MAX	(__VXLAN_VNIFILTER_MAX - 1)

enum {
	IFLA_VXLAN_UNSPEC,
	IFLA_VXLAN_ID,
@@ -745,6 +770,7 @@ enum {
	IFLA_VXLAN_GPE,
	IFLA_VXLAN_TTL_INHERIT,
	IFLA_VXLAN_DF,
	IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */
	__IFLA_VXLAN_MAX
};
#define IFLA_VXLAN_MAX	(__IFLA_VXLAN_MAX - 1)
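Review bot: The reserved1/reserved2 fields of struct tunnel_msg become user-visible ABI here, but the header does not state what a sender must put in them; unless the receiving RTM_*TUNNEL handlers (not on this page) reject non-zero values, these bytes can never be repurposed for a later extension without breaking user space that left them uninitialised. Suggest spelling the contract out in the header, `__u8 reserved1;  /* must be zero */` and `__u16 reserved2; /* must be zero */`, and pairing that with a zero check in the kernel-side parser. The VXLAN_VNIFILTER_ENTRY_* attributes likewise carry no comment on their expected payload; a one-line note per entry (what START/END and GROUP/GROUP6 carry) would save readers a trip into the vxlan driver, though the exact wording has to be confirmed against that driver, which this page does not show. The IFLA_VXLAN enum touched by the second hunk continues outside the hunk.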
+9 −0
@@ -185,6 +185,13 @@ enum {
	RTM_GETNEXTHOPBUCKET,
#define RTM_GETNEXTHOPBUCKET	RTM_GETNEXTHOPBUCKET

	RTM_NEWTUNNEL = 120,
#define RTM_NEWTUNNEL	RTM_NEWTUNNEL
	RTM_DELTUNNEL,
#define RTM_DELTUNNEL	RTM_DELTUNNEL
	RTM_GETTUNNEL,
#define RTM_GETTUNNEL	RTM_GETTUNNEL

	__RTM_MAX,
#define RTM_MAX		(((__RTM_MAX + 3) & ~3) - 1)
};
@@ -756,6 +763,8 @@ enum rtnetlink_groups {
#define RTNLGRP_BRVLAN		RTNLGRP_BRVLAN
	RTNLGRP_MCTP_IFADDR,
#define RTNLGRP_MCTP_IFADDR	RTNLGRP_MCTP_IFADDR
	RTNLGRP_TUNNEL,
#define RTNLGRP_TUNNEL		RTNLGRP_TUNNEL
	__RTNLGRP_MAX
};
#define RTNLGRP_MAX	(__RTNLGRP_MAX - 1)
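Review bot: `RTM_NEWTUNNEL = 120` is an explicit value with no comment explaining why 120 was chosen; rtnetlink classifies message types by their low two bits (NEW/DEL/GET/SET) and `RTM_MAX` rounds up to a multiple of four for the same reason, so the constant has to stay 4-aligned and the fourth slot (123) is left free, presumably for a future SET variant. Suggest `RTM_NEWTUNNEL = 120, /* must be a multiple of 4: NEW/DEL/GET/SET share one 4-slot group */` so the next person adding a family does not pick an odd base. The enum starts and ends outside the hunk.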
+4 −1
@@ -91,6 +91,9 @@ static const struct nlmsg_perm nlmsg_route_perms[] =
	{ RTM_NEWNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
	{ RTM_DELNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
	{ RTM_GETNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
	{ RTM_NEWTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
	{ RTM_DELTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
	{ RTM_GETTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
};

static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
@@ -176,7 +179,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
		 * structures at the top of this file with the new mappings
		 * before updating the BUILD_BUG_ON() macro!
		 */
		BUILD_BUG_ON(RTM_MAX != (RTM_NEWNEXTHOPBUCKET + 3));
		BUILD_BUG_ON(RTM_MAX != (RTM_NEWTUNNEL + 3));
		err = nlmsg_perm(nlmsg_type, perm, nlmsg_route_perms,
				 sizeof(nlmsg_route_perms));
		break;