leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c1c7e44b4f
linux/net/ipv6
History
Ahmed Abdelsalam c1c7e44b4f netfilter: ip6t_srh: extend SRH matching for previous, next and last SID 
IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed
by SR encapsulated packet. Each SID is encoded as an IPv6 prefix.

When a Firewall receives an SR encapsulated packet, it should be able
to identify which node previously processed the packet (previous SID),
which node is going to process the packet next (next SID), and which
node is the last to process the packet (last SID) which represent the
final destination of the packet in case of inline SR mode.

An example use-case of using these features could be SID list that
includes two firewalls. When the second firewall receives a packet,
it can check whether the packet has been processed by the first firewall
or not. Based on that check, it decides to apply all rules, apply just
subset of the rules, or totally skip all rules and forward the packet to
the next SID.

This patch extends SRH match to support matching previous SID, next SID,
and last SID.

Signed-off-by: Ahmed Abdelsalam <amsalam20@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-05-06 23:33:03 +02:00
..
ila net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
netfilter netfilter: ip6t_srh: extend SRH matching for previous, next and last SID 2018-05-06 23:33:03 +02:00
addrconf_core.c net: ipv6: Make inet6addr_validator a blocking notifier 2017-10-20 13:15:07 +01:00
addrconf.c net/ipv6: Flip FIB entries to fib6_info 2018-04-17 23:41:18 -04:00
addrlabel.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
af_inet6.c net/ipv6: Make __inet6_bind static 2018-04-17 13:19:22 -04:00
ah6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
anycast.c net/ipv6: Flip FIB entries to fib6_info 2018-04-17 23:41:18 -04:00
calipso.c net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
datagram.c ipv6: add a wrapper for ip6_dst_store() with flowi6 checks 2018-04-04 11:31:57 -04:00
esp6_offload.c esp: check the NETIF_F_HW_ESP_TX_CSUM bit before segmenting 2018-02-27 10:46:01 +01:00
esp6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
exthdrs_core.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
exthdrs_offload.c
exthdrs.c ipv6: Count interface receive statistics on the ingress netdev 2018-04-17 13:39:51 -04:00
fib6_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib6_rules.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
fou6.c fou: make local function static 2017-05-21 13:42:36 -04:00
icmp.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-28 10:33:06 -05:00
inet6_hashtables.c inet: Add a 2nd listener hashtable (port+addr) 2017-12-03 10:18:28 -05:00
ip6_checksum.c udplite: fix partial checksum initialization 2018-02-16 15:57:42 -05:00
ip6_fib.c net/ipv6: Remove unused code and variables for rt6_info 2018-04-17 23:41:18 -04:00
ip6_flowlabel.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ip6_gre.c ip6_gre: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
ip6_icmp.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip6_input.c ipv6: Count interface receive statistics on the ingress netdev 2018-04-17 13:39:51 -04:00
ip6_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
ip6_offload.h
ip6_output.c ipv6: make ip6_dst_mtu_forward inline 2018-04-21 19:20:04 +02:00
ip6_tunnel.c ip6_tunnel: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
ip6_udp_tunnel.c ip6_udp_tunnel: remove unused IPCB related codes 2016-11-02 15:18:36 -04:00
ip6_vti.c vti6: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
ip6mr.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ipcomp6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
ipv6_sockglue.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
Kconfig ipmr,ipmr6: Define a uniform vif_device 2018-03-01 13:13:23 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mcast_snoop.c
mcast.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
mip6.c ktime: Get rid of ktime_equal() 2016-12-25 17:21:23 +01:00
ndisc.c net/ipv6: Flip FIB entries to fib6_info 2018-04-17 23:41:18 -04:00
netfilter.c netfilter: use skb_to_full_sk in ip6_route_me_harder 2018-02-25 20:51:13 +01:00
output_core.c net: accept UFO datagrams from tuntap and packet 2017-11-24 01:37:35 +09:00
ping.c ipv6: allow to cache dst for a connected sk in ip6_sk_dst_lookup_flow() 2018-04-04 11:31:57 -04:00
proc.c inet: frags: break the 2GB limit for frags storage 2018-03-31 23:25:39 -04:00
protocol.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
raw.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
reassembly.c ipv6: frags: fix a lockdep false positive 2018-04-18 23:19:39 -04:00
route.c net/ipv6: Remove unused code and variables for rt6_info 2018-04-17 23:41:18 -04:00
seg6_hmac.c ipv6: sr: Use ARRAY_SIZE macro 2017-09-01 18:35:23 -07:00
seg6_iptunnel.c ipv6: sr: fix seg6 encap performances with TSO enabled 2018-03-30 14:14:33 -04:00
seg6_local.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
seg6.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
sit.c ipv6: sit: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
syncookies.c net/ipv4: disable SMC TCP option with SYN Cookies 2018-03-25 20:53:54 -04:00
sysctl_net_ipv6.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
tcp_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-03-31 23:33:04 -04:00
tcpv6_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
tunnel6.c
udp_impl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
udp.c ipv6: udp: set dst cache for a connected sk if current not valid 2018-04-04 11:31:57 -04:00
udplite.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
xfrm6_input.c xfrm: Reinject transport-mode packets through tasklet 2017-12-19 08:23:21 +01:00
xfrm6_mode_beet.c networking: make skb_pull & friends return void pointers 2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_transport.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_tunnel.c xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto 2018-03-07 10:54:29 +01:00
xfrm6_output.c net: xfrm: use skb_gso_validate_network_len() to check gso sizes 2018-03-04 17:49:17 -05:00
xfrm6_policy.c net/ipv6: Remove unused code and variables for rt6_info 2018-04-17 23:41:18 -04:00
xfrm6_protocol.c xfrm: input: constify xfrm_input_afinfo 2017-02-09 10:22:17 +01:00
xfrm6_state.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
xfrm6_tunnel.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00