Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPv6 prefix filtering #168

Merged
merged 6 commits into from
Nov 12, 2024
Merged

IPv6 prefix filtering #168

merged 6 commits into from
Nov 12, 2024

Conversation

qdeslandes
Copy link
Contributor

Fix IPv6 addresses filtering with network prefix by resolving endianness issues and applying the network prefix mask to both the rule's IP address and the packet's IP address. Add end-to-end tests to ensure this matcher won't break anymore.

@qdeslandes
doc: replace $MASK with $PREFIX for ip6.(s|d)addr matcher
eba9bd2 
In IPv6, network mask doesn't exist, prefixes are used instead. Fix the
documentation by using the correct terminology.
@qdeslandes
tests: harness: add the bf_test_packet structure
fc9f950 
bf_test_packet encapsulate a packet data and its size. It simplifies
passing around a packet.
@qdeslandes
matchers: ip6: fix IPv6 prefix filtering
27d2c10 
IPv6 addresses filtering is buggy as prefixes don't work as expected.

Fix ip6.(s|d)addr filtering with prefix by using an array of uint8_t to
store the address and the prefix, to avoid endianess errors. This change
is not expected to have any runtime impact on the BPF program as the
processing is done from the daemon.
@qdeslandes
tests: e2e: generate test packets dynamically using Scapy
67937e9 
Create a Python script to generate the packets using Scapy at build
time. The resulting header file is included in the test sources.
@qdeslandes
tests: e2e: add tests for ip6.saddr eq/ne with different masks
e390fbe
@qdeslandes
tests: e2e: exclude e2e_bin from 'all' target
cfdc0fa 
End-to-end tests should not (yet) be built by default.
@qdeslandes qdeslandes merged commit b2a47d2 into facebook:main Nov 12, 2024
11 checks passed
@qdeslandes qdeslandes deleted the ip6_prefix branch November 12, 2024 21:48
@qdeslandes qdeslandes mentioned this pull request Nov 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cla signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@qdeslandes @facebook-github-bot