From 9642a79381793daedc1d58b3ac4c3c61a2ec38f1 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Fri, 16 Mar 2018 17:39:29 +0100
Subject: src: fix routing header support

We can't use nft_exthdr_op to encode routing header, it breaks ipv6 extension header support.

When encountering RT header, userspace did now set a new ipv6 exthdr mode, but old kernel doesn't know about this, so this failed with -EOPNOTSUPP.

Revert that part and use NFT_EXTHDR_OP_IPV6. When decoding a routing extension header, try the various route types until we find a match.

Note this patch isn't complete: 'srh tag 127' creates the following expressions:

[ exthdr load 2b @ 43 + 6 => reg 1 ]
[ cmp eq reg 1 0x00007f00 ]

It should instead insert a dependency test ("rt type 4"):

[ exthdr load 1b @ 43 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000004 ]
[ exthdr load 2b @ 43 + 6 => reg 1 ]
[ cmp eq reg 1 0x00007e00 ]

nft should then use this to infer the routing header type.

While at it, document the srh option.

Fixes: 1400288f6d39d ("src: handle rt0 and rt2 properly")
Reported-by: Phil Sutter
Signed-off-by: Florian Westphal
Acked-by: Ahmed Abdelsalam
---
 doc/nft.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'doc/nft.xml')

diff --git a/doc/nft.xml b/doc/nft.xml index 07f4f277..962e2933 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -4074,6 +4074,15 @@ input meta iifname enp2s0 arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh type + + srh + + flags + tag + sid + seg-left + + tcp option @@ -4154,6 +4163,10 @@ input meta iifname enp2s0 arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4 @nh mh Mobility Header + + srh + Segment Routing Header + -- cgit v1.2.3
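Review bot: the srh row added in the first hunk (@@ -4074) lists flags, tag, sid and seg-left but does not mention the limitation the commit message spells out, namely that 'srh tag 127' is emitted as a bare load at @ 43 + 6 with no "rt type 4" dependency test. Suggest adding a sentence to the srh documentation telling users to pair srh matches with an explicit rt type 4 check until nft inserts the dependency itself, since without it the rule compares the same offset in a routing header of any type.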
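Review bot: in the second hunk (@@ -4154) the new srh entry is described only as "Segment Routing Header", placed after "mh Mobility Header" as if it were a separate extension header, while the commit message treats it as a routing header selected by "rt type 4". Suggest stating that relationship in the description so readers of the keyword list see that srh is a form of the rt header and not an independent one.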