From 01c411238c06e07ea5fa038f0ba9eaca8a53c419 Mon Sep 17 00:00:00 2001 From: Ido Schimmel Date: Thu, 12 Jun 2025 15:23:20 +0300 Subject: [PATCH 1/4] seg6: Extend seg6_lookup_any_nexthop() with an oif argument seg6_lookup_any_nexthop() is called by the different endpoint behaviors (e.g., End, End.X) to resolve an IPv6 route. Extend the function with an output interface argument so that it could be used to resolve a route with a certain output interface. This will be used by subsequent patches that will extend the End.X behavior with an output interface as an optional argument. ip6_route_input_lookup() cannot be used when an output interface is specified as it ignores this parameter. Similarly, calling ip6_pol_route() when a table ID was not specified (e.g., End.X behavior) is wrong. Therefore, when an output interface is specified without a table ID, resolve the route using ip6_route_output() which will take the output interface into account. Note that no endpoint behavior currently passes both a table ID and an output interface, so the oif argument passed to ip6_pol_route() is always zero and there are no functional changes in this regard. Signed-off-by: Ido Schimmel Reviewed-by: Andrea Mayer Link: https://patch.msgid.link/20250612122323.584113-2-idosch@nvidia.com Signed-off-by: Jakub Kicinski --- net/ipv6/seg6_local.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index a11a02b4ba95..8bce7512df97 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -270,7 +270,7 @@ static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr) static int seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, - u32 tbl_id, bool local_delivery) + u32 tbl_id, bool local_delivery, int oif) { struct net *net = dev_net(skb->dev); struct ipv6hdr *hdr = ipv6_hdr(skb); @@ -282,6 +282,7 @@ seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_iif = skb->dev->ifindex; + fl6.flowi6_oif = oif; fl6.daddr = nhaddr ? *nhaddr : hdr->daddr; fl6.saddr = hdr->saddr; fl6.flowlabel = ip6_flowinfo(hdr); @@ -291,17 +292,19 @@ seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, if (nhaddr) fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH; - if (!tbl_id) { + if (!tbl_id && !oif) { dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags); - } else { + } else if (tbl_id) { struct fib6_table *table; table = fib6_get_table(net, tbl_id); if (!table) goto out; - rt = ip6_pol_route(net, table, 0, &fl6, skb, flags); + rt = ip6_pol_route(net, table, oif, &fl6, skb, flags); dst = &rt->dst; + } else { + dst = ip6_route_output(net, NULL, &fl6); } /* we want to discard traffic destined for local packet processing, @@ -330,7 +333,7 @@ seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, int seg6_lookup_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, u32 tbl_id) { - return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false); + return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false, 0); } static __u8 seg6_flv_lcblock_octects(const struct seg6_flavors_info *finfo) @@ -1277,7 +1280,7 @@ static int input_action_end_dt6(struct sk_buff *skb, /* note: this time we do not need to specify the table because the VRF * takes care of selecting the correct table. */ - seg6_lookup_any_nexthop(skb, NULL, 0, true); + seg6_lookup_any_nexthop(skb, NULL, 0, true, 0); return dst_input(skb); @@ -1285,7 +1288,7 @@ static int input_action_end_dt6(struct sk_buff *skb, #endif skb_set_transport_header(skb, sizeof(struct ipv6hdr)); - seg6_lookup_any_nexthop(skb, NULL, slwt->table, true); + seg6_lookup_any_nexthop(skb, NULL, slwt->table, true, 0); return dst_input(skb); From 3159671855d4e169d24d2cc2a083bf657f9d9bc2 Mon Sep 17 00:00:00 2001 From: Ido Schimmel Date: Thu, 12 Jun 2025 15:23:21 +0300 Subject: [PATCH 2/4] seg6: Call seg6_lookup_any_nexthop() from End.X behavior seg6_lookup_nexthop() is a wrapper around seg6_lookup_any_nexthop(). Change End.X behavior to invoke seg6_lookup_any_nexthop() directly so that we would not need to expose the new output interface argument outside of the seg6local module. No functional changes intended. Signed-off-by: Ido Schimmel Reviewed-by: Andrea Mayer Link: https://patch.msgid.link/20250612122323.584113-3-idosch@nvidia.com Signed-off-by: Jakub Kicinski --- net/ipv6/seg6_local.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index 8bce7512df97..c00b78f3abad 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -421,7 +421,7 @@ static int end_next_csid_core(struct sk_buff *skb, struct seg6_local_lwt *slwt) static int input_action_end_x_finish(struct sk_buff *skb, struct seg6_local_lwt *slwt) { - seg6_lookup_nexthop(skb, &slwt->nh6, 0); + seg6_lookup_any_nexthop(skb, &slwt->nh6, 0, false, 0); return dst_input(skb); } From a2840d4e25270cabff92ba10146cda00d5b92ec0 Mon Sep 17 00:00:00 2001 From: Ido Schimmel Date: Thu, 12 Jun 2025 15:23:22 +0300 Subject: [PATCH 3/4] seg6: Allow End.X behavior to accept an oif Extend the End.X behavior to accept an output interface as an optional attribute and make use of it when resolving a route. This is needed when user space wants to use a link-local address as the nexthop address. Before: # ip route add 2001:db8:1::/64 encap seg6local action End.X nh6 fe80::1 oif eth0 dev sr6 # ip route add 2001:db8:2::/64 encap seg6local action End.X nh6 2001:db8:10::1 dev sr6 $ ip -6 route show 2001:db8:1::/64 encap seg6local action End.X nh6 fe80::1 dev sr6 metric 1024 pref medium 2001:db8:2::/64 encap seg6local action End.X nh6 2001:db8:10::1 dev sr6 metric 1024 pref medium After: # ip route add 2001:db8:1::/64 encap seg6local action End.X nh6 fe80::1 oif eth0 dev sr6 # ip route add 2001:db8:2::/64 encap seg6local action End.X nh6 2001:db8:10::1 dev sr6 $ ip -6 route show 2001:db8:1::/64 encap seg6local action End.X nh6 fe80::1 oif eth0 dev sr6 metric 1024 pref medium 2001:db8:2::/64 encap seg6local action End.X nh6 2001:db8:10::1 dev sr6 metric 1024 pref medium Note that the oif attribute is not dumped to user space when it was not specified (as an oif of 0) since each entry keeps track of the optional attributes that it parsed during configuration (see struct seg6_local_lwt::parsed_optattrs). Signed-off-by: Ido Schimmel Reviewed-by: Andrea Mayer Link: https://patch.msgid.link/20250612122323.584113-4-idosch@nvidia.com Signed-off-by: Jakub Kicinski --- net/ipv6/seg6_local.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index c00b78f3abad..dfa825ee870e 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -421,7 +421,7 @@ static int end_next_csid_core(struct sk_buff *skb, struct seg6_local_lwt *slwt) static int input_action_end_x_finish(struct sk_buff *skb, struct seg6_local_lwt *slwt) { - seg6_lookup_any_nexthop(skb, &slwt->nh6, 0, false, 0); + seg6_lookup_any_nexthop(skb, &slwt->nh6, 0, false, slwt->oif); return dst_input(skb); } @@ -1480,7 +1480,8 @@ static struct seg6_action_desc seg6_action_table[] = { .action = SEG6_LOCAL_ACTION_END_X, .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6), .optattrs = SEG6_F_LOCAL_COUNTERS | - SEG6_F_LOCAL_FLAVORS, + SEG6_F_LOCAL_FLAVORS | + SEG6_F_ATTR(SEG6_LOCAL_OIF), .input = input_action_end_x, }, { From 04d752d60c190e754cfe4f95a7451afeb752adbd Mon Sep 17 00:00:00 2001 From: Ido Schimmel Date: Thu, 12 Jun 2025 15:23:23 +0300 Subject: [PATCH 4/4] selftests: seg6: Add test cases for End.X with link-local nexthop In the current test topology, all the routers are connected to each other via dedicated links with addresses of the form fcf0:0:x:y::/64. The test configures rt-3 with an adjacency with rt-4 and rt-4 with an adjacency with rt-1: # ip -n rt_3-IgWSBJ -6 route show tab 90 fcbb:0:300::/48 fcbb:0:300::/48 encap seg6local action End.X nh6 fcf0:0:3:4::4 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium # ip -n rt_4-JdCunK -6 route show tab 90 fcbb:0:400::/48 fcbb:0:400::/48 encap seg6local action End.X nh6 fcf0:0:1:4::1 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium The routes are used when pinging hs-2 from hs-1 and vice-versa. Extend the test to also cover End.X behavior with an IPv6 link-local nexthop address and an output interface. Configure every router interface with an IPv6 link-local address of the form fe80::x:y/64 and before re-running the ping tests, replace the previous End.X routes with routes that use the new IPv6 link-local addresses: # ip -n rt_3-IgWSBJ -6 route show tab 90 fcbb:0:300::/48 fcbb:0:300::/48 encap seg6local action End.X nh6 fe80::4:3 oif veth-rt-3-4 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium # ip -n rt_4-JdCunK -6 route show tab 90 fcbb:0:400::/48 fcbb:0:400::/48 encap seg6local action End.X nh6 fe80::1:4 oif veth-rt-4-1 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium The new test cases fail without the previous patch ("seg6: Allow End.X behavior to accept an oif"): # ./srv6_end_x_next_csid_l3vpn_test.sh [...] ################################################################################ TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv6), link-local ################################################################################ TEST: IPv6 Hosts connectivity: hs-1 -> hs-2 [FAIL] TEST: IPv6 Hosts connectivity: hs-2 -> hs-1 [FAIL] ################################################################################ TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local ################################################################################ TEST: IPv4 Hosts connectivity: hs-1 -> hs-2 [FAIL] TEST: IPv4 Hosts connectivity: hs-2 -> hs-1 [FAIL] Tests passed: 40 Tests failed: 4 And pass with it: # ./srv6_end_x_next_csid_l3vpn_test.sh [...] ################################################################################ TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv6), link-local ################################################################################ TEST: IPv6 Hosts connectivity: hs-1 -> hs-2 [ OK ] TEST: IPv6 Hosts connectivity: hs-2 -> hs-1 [ OK ] ################################################################################ TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local ################################################################################ TEST: IPv4 Hosts connectivity: hs-1 -> hs-2 [ OK ] TEST: IPv4 Hosts connectivity: hs-2 -> hs-1 [ OK ] Tests passed: 44 Tests failed: 0 Without the previous patch, rt-3 and rt-4 resolve the wrong routes for the link-local nexthops, with the output interface being the input interface: # perf script [...] ping 1067 [001] 37.554486: fib6:fib6_table_lookup: table 254 oif 0 iif 11 proto 41 cafe::254/0 -> fe80::4:3/0 flowlabel 0xb7973 tos 0 scope 0 flags 2 ==> dev veth-rt-3-1 gw :: err 0 [...] ping 1069 [002] 41.573360: fib6:fib6_table_lookup: table 254 oif 0 iif 12 proto 41 cafe::254/0 -> fe80::1:4/0 flowlabel 0xb7973 tos 0 scope 0 flags 2 ==> dev veth-rt-4-2 gw :: err 0 But the correct routes are resolved with the patch: # perf script [...] ping 1066 [006] 30.672355: fib6:fib6_table_lookup: table 254 oif 13 iif 1 proto 41 cafe::254/0 -> fe80::4:3/0 flowlabel 0x85941 tos 0 scope 0 flags 6 ==> dev veth-rt-3-4 gw :: err 0 [...] ping 1066 [006] 30.672411: fib6:fib6_table_lookup: table 254 oif 11 iif 1 proto 41 cafe::254/0 -> fe80::1:4/0 flowlabel 0x91de0 tos 0 scope 0 flags 6 ==> dev veth-rt-4-1 gw :: err 0 Reviewed-by: Petr Machata Signed-off-by: Ido Schimmel Reviewed-by: Andrea Mayer Link: https://patch.msgid.link/20250612122323.584113-5-idosch@nvidia.com Signed-off-by: Jakub Kicinski --- .../net/srv6_end_x_next_csid_l3vpn_test.sh | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh index 4b86040c58c6..bedf0ce885c2 100755 --- a/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh @@ -72,6 +72,9 @@ # Every fcf0:0:x:y::/64 network interconnects the SRv6 routers rt-x with rt-y in # the selftest network. # +# In addition, every router interface connecting rt-x to rt-y is assigned an +# IPv6 link-local address fe80::x:y/64. +# # Local SID/C-SID table # ===================== # @@ -521,6 +524,9 @@ setup_rt_networking() ip -netns "${nsname}" addr \ add "${net_prefix}::${rt}/64" dev "${devname}" nodad + ip -netns "${nsname}" addr \ + add "fe80::${rt}:${neigh}/64" dev "${devname}" nodad + ip -netns "${nsname}" link set "${devname}" up done @@ -609,6 +615,27 @@ set_end_x_nextcsid() nflen "${LCNODEFUNC_BLEN}" dev "${DUMMY_DEVNAME}" } +set_end_x_ll_nextcsid() +{ + local rt="$1" + local adj="$2" + + eval nsname=\${$(get_rtname "${rt}")} + lcnode_func_prefix="$(build_lcnode_func_prefix "${rt}")" + nh6_ll_addr="fe80::${adj}:${rt}" + oifname="veth-rt-${rt}-${adj}" + + # enabled NEXT-C-SID SRv6 End.X behavior via an IPv6 link-local nexthop + # address (note that "dev" is the dummy dum0 device chosen for the sake + # of simplicity). + ip -netns "${nsname}" -6 route \ + replace "${lcnode_func_prefix}" \ + table "${LOCALSID_TABLE_ID}" \ + encap seg6local action End.X nh6 "${nh6_ll_addr}" \ + oif "${oifname}" flavors next-csid lblen "${LCBLOCK_BLEN}" \ + nflen "${LCNODEFUNC_BLEN}" dev "${DUMMY_DEVNAME}" +} + set_underlay_sids_reachability() { local rt="$1" @@ -1016,6 +1043,27 @@ host_vpn_tests() check_and_log_hs_ipv4_connectivity 1 2 check_and_log_hs_ipv4_connectivity 2 1 + + # Setup the adjacencies in the SRv6 aware routers using IPv6 link-local + # addresses. + # - rt-3 SRv6 End.X adjacency with rt-4 + # - rt-4 SRv6 End.X adjacency with rt-1 + set_end_x_ll_nextcsid 3 4 + set_end_x_ll_nextcsid 4 1 + + log_section "SRv6 VPN connectivity test hosts (h1 <-> h2, IPv6), link-local" + + check_and_log_hs_ipv6_connectivity 1 2 + check_and_log_hs_ipv6_connectivity 2 1 + + log_section "SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local" + + check_and_log_hs_ipv4_connectivity 1 2 + check_and_log_hs_ipv4_connectivity 2 1 + + # Restore the previous adjacencies. + set_end_x_nextcsid 3 4 + set_end_x_nextcsid 4 1 } __nextcsid_end_x_behavior_test()