From 6784a916b142c3bd5cf7c20a30b23e362bd4908a Mon Sep 17 00:00:00 2001

From: Andrea Claudi <aclaudi@redhat.com>

Date: Thu, 4 Jun 2020 21:44:22 +0200

Subject: [PATCH] tc: f_flower: add options support for erspan

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1830485

Upstream Status: unknown commit 4e578c78fedfe

commit 4e578c78fedfe6ffa5fa5fde56778b264485829b

Author: Xin Long <lucien.xin@gmail.com>

Date:   Mon Apr 27 18:27:51 2020 +0800

    tc: f_flower: add options support for erspan

    This patch is to add TCA_FLOWER_KEY_ENC_OPTS_ERSPAN's parse and

    print to implement erspan options support in m_tunnel_key, like

    Commit 56155d4df86d ("tc: f_flower: add geneve option match

    support to flower") for geneve options support.

    Option is expressed as version:index:dir:hwid, dir and hwid will

    be parsed when version is 2, while index will be parsed when

    version is 1. erspan doesn't support multiple options.

    With this patch, users can add and dump erspan options like:

      # ip link add name erspan1 type erspan external

      # tc qdisc add dev erspan1 ingress

      # tc filter add dev erspan1 protocol ip parent ffff: \

          flower \

            enc_src_ip 10.0.99.192 \

            enc_dst_ip 10.0.99.193 \

            enc_key_id 11 \

            erspan_opts 1:2:0:0/1:255:0:0 \

            ip_proto udp \

            action mirred egress redirect dev eth1

      # tc -s filter show dev erspan1 parent ffff:

         filter protocol ip pref 49152 flower chain 0 handle 0x1

           eth_type ipv4

           ip_proto udp

           enc_dst_ip 10.0.99.193

           enc_src_ip 10.0.99.192

           enc_key_id 11

           erspan_opts 1:2:0:0/1:255:0:0

           not_in_hw

             action order 1: mirred (Egress Redirect to device eth1) stolen

             index 1 ref 1 bind 1

             Action statistics:

             Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)

             backlog 0b 0p requeues 0

    v1->v2:

      - no change.

    v2->v3:

      - no change.

    v3->v4:

      - keep the same format between input and output, json and non json.

      - print version, index, dir and hwid as uint.

    Signed-off-by: Xin Long <lucien.xin@gmail.com>

    Signed-off-by: David Ahern <dsahern@gmail.com>

---

 man/man8/tc-flower.8 |  13 ++++

 tc/f_flower.c        | 171 +++++++++++++++++++++++++++++++++++++++++++

 2 files changed, 184 insertions(+)

diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8

index 0efacbfdf9a95..f41b0f7f1ef13 100644

--- a/man/man8/tc-flower.8

+++ b/man/man8/tc-flower.8

@@ -85,6 +85,8 @@ flower \- flow based traffic control filter

 .B geneve_opts

 |

 .B vxlan_opts

+|

+.B erspan_opts

 }

 .IR OPTIONS " | "

 .BR ip_flags

@@ -296,6 +298,8 @@ bits is assumed.

 .BI geneve_opts " OPTIONS"

 .TQ

 .BI vxlan_opts " OPTIONS"

+.TQ

+.BI erspan_opts " OPTIONS"

 Match on IP tunnel metadata. Key id

 .I NUMBER

 is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).

@@ -322,6 +326,15 @@ doesn't support multiple options, and it consists of a key followed by a slash

 and corresponding mask. If the mask is missing, \fBtc\fR assumes a full-length

 match. The option can be described in the form GBP/GBP_MASK, where GBP is

 represented as a 32bit number.

+erspan_opts

+.I OPTIONS

+doesn't support multiple options, and it consists of a key followed by a slash

+and corresponding mask. If the mask is missing, \fBtc\fR assumes a full-length

+match. The option can be described in the form

+VERSION:INDEX:DIR:HWID/VERSION:INDEX_MASK:DIR_MASK:HWID_MASK, where VERSION is

+represented as a 8bit number, INDEX as an 32bit number, DIR and HWID as a 8bit

+number. Multiple options is not supported. Note INDEX/INDEX_MASK is used when

+VERSION is 1, and DIR/DIR_MASK and HWID/HWID_MASK are used when VERSION is 2.

 .TP

 .BI ip_flags " IP_FLAGS"

 .I IP_FLAGS

diff --git a/tc/f_flower.c b/tc/f_flower.c

index 09079cd2c2280..691541ec59d4c 100644

--- a/tc/f_flower.c

+++ b/tc/f_flower.c

@@ -82,6 +82,7 @@ static void explain(void)

 		"			enc_ttl MASKED-IP_TTL |\n"

 		"			geneve_opts MASKED-OPTIONS |\n"

 		"			vxlan_opts MASKED-OPTIONS |\n"

+		"                       erspan_opts MASKED-OPTIONS |\n"

 		"			ip_flags IP-FLAGS | \n"

 		"			enc_dst_port [ port_number ] }\n"

 		"	FILTERID := X:Y:Z\n"

@@ -738,6 +739,84 @@ static int flower_parse_vxlan_opt(char *str, struct nlmsghdr *n)

 	return 0;

 }

+static int flower_parse_erspan_opt(char *str, struct nlmsghdr *n)

+{

+	struct rtattr *nest;

+	char *token;

+	int i, err;

+

+	nest = addattr_nest(n, MAX_MSG,

+			    TCA_FLOWER_KEY_ENC_OPTS_ERSPAN | NLA_F_NESTED);

+

+	i = 1;

+	token = strsep(&str, ":");

+	while (token) {

+		switch (i) {

+		case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER:

+		{

+			__u8 opt_type;

+

+			if (!strlen(token))

+				break;

+			err = get_u8(&opt_type, token, 0);

+			if (err)

+				return err;

+

+			addattr8(n, MAX_MSG, i, opt_type);

+			break;

+		}

+		case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX:

+		{

+			__be32 opt_index;

+

+			if (!strlen(token))

+				break;

+			err = get_be32(&opt_index, token, 0);

+			if (err)

+				return err;

+

+			addattr32(n, MAX_MSG, i, opt_index);

+			break;

+		}

+		case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR:

+		{

+			__u8 opt_type;

+

+			if (!strlen(token))

+				break;

+			err = get_u8(&opt_type, token, 0);

+			if (err)

+				return err;

+

+			addattr8(n, MAX_MSG, i, opt_type);

+			break;

+		}

+		case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID:

+		{

+			__u8 opt_type;

+

+			if (!strlen(token))

+				break;

+			err = get_u8(&opt_type, token, 0);

+			if (err)

+				return err;

+

+			addattr8(n, MAX_MSG, i, opt_type);

+			break;

+		}

+		default:

+			fprintf(stderr, "Unknown \"geneve_opts\" type\n");

+			return -1;

+		}

+

+		token = strsep(&str, ":");

+		i++;

+	}

+	addattr_nest_end(n, nest);

+

+	return 0;

+}

+

 static int flower_parse_geneve_opts(char *str, struct nlmsghdr *n)

 {

 	char *token;

@@ -878,6 +957,49 @@ static int flower_parse_enc_opts_vxlan(char *str, struct nlmsghdr *n)

 	return 0;

 }

+static int flower_parse_enc_opts_erspan(char *str, struct nlmsghdr *n)

+{

+	char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];

+	struct rtattr *nest;

+	char *slash;

+	int err;

+

+

+	slash = strchr(str, '/');

+	if (slash) {

+		*slash++ = '\0';

+		if (strlen(slash) > XATTR_SIZE_MAX)

+			return -1;

+		strcpy(mask, slash);

+	} else {

+		int index;

+

+		slash = strchr(str, ':');

+		index = (int)(slash - str);

+		memcpy(mask, str, index);

+		strcpy(mask + index, ":0xffffffff:0xff:0xff");

+	}

+

+	if (strlen(str) > XATTR_SIZE_MAX)

+		return -1;

+	strcpy(key, str);

+

+	nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS | NLA_F_NESTED);

+	err = flower_parse_erspan_opt(key, n);

+	if (err)

+		return err;

+	addattr_nest_end(n, nest);

+

+	nest = addattr_nest(n, MAX_MSG,

+			    TCA_FLOWER_KEY_ENC_OPTS_MASK | NLA_F_NESTED);

+	err = flower_parse_erspan_opt(mask, n);

+	if (err)

+		return err;

+	addattr_nest_end(n, nest);

+

+	return 0;

+}

+

 static int flower_parse_opt(struct filter_util *qu, char *handle,

 			    int argc, char **argv, struct nlmsghdr *n)

 {

@@ -1344,6 +1466,13 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,

 				fprintf(stderr, "Illegal \"vxlan_opts\"\n");

 				return -1;

 			}

+		} else if (matches(*argv, "erspan_opts") == 0) {

+			NEXT_ARG();

+			ret = flower_parse_enc_opts_erspan(*argv, n);

+			if (ret < 0) {

+				fprintf(stderr, "Illegal \"erspan_opts\"\n");

+				return -1;

+			}

 		} else if (matches(*argv, "action") == 0) {

 			NEXT_ARG();

 			ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);

@@ -1727,6 +1856,38 @@ static void flower_print_vxlan_opts(const char *name, struct rtattr *attr,

 	sprintf(strbuf, "%u", gbp);

 }

+static void flower_print_erspan_opts(const char *name, struct rtattr *attr,

+				     char *strbuf)

+{

+	struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1];

+	__u8 ver, hwid, dir;

+	__u32 idx;

+

+	parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, RTA_DATA(attr),

+		     RTA_PAYLOAD(attr));

+	ver = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]);

+	if (ver == 1) {

+		idx = rta_getattr_be32(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]);

+		hwid = 0;

+		dir = 0;

+	} else {

+		idx = 0;

+		hwid = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]);

+		dir = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]);

+	}

+

+	open_json_array(PRINT_JSON, name);

+	open_json_object(NULL);

+	print_uint(PRINT_JSON, "ver", NULL, ver);

+	print_uint(PRINT_JSON, "index", NULL, idx);

+	print_uint(PRINT_JSON, "dir", NULL, dir);

+	print_uint(PRINT_JSON, "hwid", NULL, hwid);

+	close_json_object();

+	close_json_array(PRINT_JSON, name);

+

+	sprintf(strbuf, "%u:%u:%u:%u", ver, idx, dir, hwid);

+}

+

 static void flower_print_enc_parts(const char *name, const char *namefrm,

 				   struct rtattr *attr, char *key, char *mask)

 {

@@ -1792,6 +1953,16 @@ static void flower_print_enc_opts(const char *name, struct rtattr *attr,

 		flower_print_enc_parts(name, "  vxlan_opts %s", attr, key,

 				       msk);

+	} else if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN]) {

+		flower_print_erspan_opts("erspan_opt_key",

+				key_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN], key);

+

+		if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN])

+			flower_print_erspan_opts("erspan_opt_mask",

+				msk_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN], msk);

+

+		flower_print_enc_parts(name, "  erspan_opts %s", attr, key,

+				       msk);

 	}

 	free(msk);

-- 

2.26.2