|
 |
4aca6e |
From 092cf1937a4fcd54d189e2d7d4984d2b1969d82e Mon Sep 17 00:00:00 2001
|
|
|
4aca6e |
From: Phil Sutter <psutter@redhat.com>
|
|
|
4aca6e |
Date: Fri, 17 Mar 2017 13:24:16 +0100
|
|
|
4aca6e |
Subject: [PATCH] tc: flower: support matching flags
|
|
|
4aca6e |
|
|
|
4aca6e |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629
|
|
|
4aca6e |
Upstream Status: iproute2.git commit 22a8f019891ca
|
|
|
4aca6e |
|
|
|
4aca6e |
commit 22a8f019891ca73295298384612008ff538e48fa
|
|
|
4aca6e |
Author: Paul Blakey <paulb@mellanox.com>
|
|
|
4aca6e |
Date: Thu Dec 29 10:42:08 2016 -0800
|
|
|
4aca6e |
|
|
|
4aca6e |
tc: flower: support matching flags
|
|
|
4aca6e |
|
|
|
4aca6e |
Enhance flower to support matching on flags.
|
|
|
4aca6e |
|
|
|
4aca6e |
The 1st flag allows to match on whether the packet is
|
|
|
4aca6e |
an IP fragment.
|
|
|
4aca6e |
|
|
|
4aca6e |
Example:
|
|
|
4aca6e |
|
|
|
4aca6e |
# add a flower filter that will drop fragmented packets
|
|
|
4aca6e |
# (bit 0 of control flags)
|
|
|
4aca6e |
tc filter add dev ens4f0 protocol ip parent ffff: \
|
|
|
4aca6e |
flower \
|
|
|
4aca6e |
src_mac e4:1d:2d:fd:8b:01 \
|
|
|
4aca6e |
dst_mac e4:1d:2d:fd:8b:02 \
|
|
|
4aca6e |
indev ens4f0 \
|
|
|
4aca6e |
matching_flags 0x1/0x1 \
|
|
|
4aca6e |
action drop
|
|
|
4aca6e |
|
|
|
4aca6e |
Signed-off-by: Paul Blakey <paulb@mellanox.com>
|
|
|
4aca6e |
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
|
|
|
4aca6e |
Reviewed-by: Roi Dayan <roid@mellanox.com>
|
|
|
4aca6e |
---
|
|
|
4aca6e |
tc/f_flower.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
4aca6e |
1 file changed, 51 insertions(+)
|
|
|
4aca6e |
|
|
|
4aca6e |
diff --git a/tc/f_flower.c b/tc/f_flower.c
|
|
|
4aca6e |
index c3e0249..41d4da7 100644
|
|
|
4aca6e |
--- a/tc/f_flower.c
|
|
|
4aca6e |
+++ b/tc/f_flower.c
|
|
|
4aca6e |
@@ -57,6 +57,7 @@ static void explain(void)
|
|
|
4aca6e |
" enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
4aca6e |
" enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
4aca6e |
" enc_key_id [ KEY-ID ] |\n"
|
|
|
4aca6e |
+ " matching_flags MATCHING-FLAGS | \n"
|
|
|
4aca6e |
" enc_dst_port [ UDP-PORT ] }\n"
|
|
|
4aca6e |
" FILTERID := X:Y:Z\n"
|
|
|
4aca6e |
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
|
|
|
4aca6e |
@@ -129,6 +130,31 @@ static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
|
|
|
4aca6e |
return 0;
|
|
|
4aca6e |
}
|
|
|
4aca6e |
|
|
|
4aca6e |
+static int flower_parse_matching_flags(char *str, int type, int mask_type,
|
|
|
4aca6e |
+ struct nlmsghdr *n)
|
|
|
4aca6e |
+{
|
|
|
4aca6e |
+ __u32 mtf, mtf_mask;
|
|
|
4aca6e |
+ char *c;
|
|
|
4aca6e |
+
|
|
|
4aca6e |
+ c = strchr(str, '/');
|
|
|
4aca6e |
+ if (c)
|
|
|
4aca6e |
+ *c = '\0';
|
|
|
4aca6e |
+
|
|
|
4aca6e |
+ if (get_u32(&mtf, str, 0))
|
|
|
4aca6e |
+ return -1;
|
|
|
4aca6e |
+
|
|
|
4aca6e |
+ if (c) {
|
|
|
4aca6e |
+ if (get_u32(&mtf_mask, ++c, 0))
|
|
|
4aca6e |
+ return -1;
|
|
|
4aca6e |
+ } else {
|
|
|
4aca6e |
+ mtf_mask = 0xffffffff;
|
|
|
4aca6e |
+ }
|
|
|
4aca6e |
+
|
|
|
4aca6e |
+ addattr32(n, MAX_MSG, type, htonl(mtf));
|
|
|
4aca6e |
+ addattr32(n, MAX_MSG, mask_type, htonl(mtf_mask));
|
|
|
4aca6e |
+ return 0;
|
|
|
4aca6e |
+}
|
|
|
4aca6e |
+
|
|
|
4aca6e |
static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
|
|
|
4aca6e |
__u8 *p_ip_proto, struct nlmsghdr *n)
|
|
|
4aca6e |
{
|
|
|
4aca6e |
@@ -358,6 +384,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
|
|
|
4aca6e |
return -1;
|
|
|
4aca6e |
}
|
|
|
4aca6e |
addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
|
|
|
4aca6e |
+ } else if (matches(*argv, "matching_flags") == 0) {
|
|
|
4aca6e |
+ NEXT_ARG();
|
|
|
4aca6e |
+ ret = flower_parse_matching_flags(*argv,
|
|
|
4aca6e |
+ TCA_FLOWER_KEY_FLAGS,
|
|
|
4aca6e |
+ TCA_FLOWER_KEY_FLAGS_MASK,
|
|
|
4aca6e |
+ n);
|
|
|
4aca6e |
+ if (ret < 0) {
|
|
|
4aca6e |
+ fprintf(stderr, "Illegal \"matching_flags\"\n");
|
|
|
4aca6e |
+ return -1;
|
|
|
4aca6e |
+ }
|
|
|
4aca6e |
} else if (matches(*argv, "skip_hw") == 0) {
|
|
|
4aca6e |
flags |= TCA_CLS_FLAGS_SKIP_HW;
|
|
|
4aca6e |
} else if (matches(*argv, "skip_sw") == 0) {
|
|
|
4aca6e |
@@ -657,6 +693,17 @@ static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto,
|
|
|
4aca6e |
*p_ip_proto = ip_proto;
|
|
|
4aca6e |
}
|
|
|
4aca6e |
|
|
|
4aca6e |
+static void flower_print_matching_flags(FILE *f, char *name,
|
|
|
4aca6e |
+ struct rtattr *attr,
|
|
|
4aca6e |
+ struct rtattr *mask_attr)
|
|
|
4aca6e |
+{
|
|
|
4aca6e |
+ if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
|
|
|
4aca6e |
+ return;
|
|
|
4aca6e |
+
|
|
|
4aca6e |
+ fprintf(f, "\n %s 0x%08x/0x%08x", name, ntohl(rta_getattr_u32(attr)),
|
|
|
4aca6e |
+ mask_attr ? ntohl(rta_getattr_u32(mask_attr)) : 0xffffffff);
|
|
|
4aca6e |
+}
|
|
|
4aca6e |
+
|
|
|
4aca6e |
static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type,
|
|
|
4aca6e |
struct rtattr *addr4_attr,
|
|
|
4aca6e |
struct rtattr *mask4_attr,
|
|
|
4aca6e |
@@ -810,6 +857,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
|
|
|
4aca6e |
flower_print_port(f, "enc_dst_port",
|
|
|
4aca6e |
tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
|
|
|
4aca6e |
|
|
|
4aca6e |
+ flower_print_matching_flags(f, "matching_flags",
|
|
|
4aca6e |
+ tb[TCA_FLOWER_KEY_FLAGS],
|
|
|
4aca6e |
+ tb[TCA_FLOWER_KEY_FLAGS_MASK]);
|
|
|
4aca6e |
+
|
|
|
4aca6e |
if (tb[TCA_FLOWER_FLAGS]) {
|
|
|
4aca6e |
__u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
|
|
|
4aca6e |
|
|
|
4aca6e |
--
|
|
|
4aca6e |
1.8.3.1
|
|
|
4aca6e |
|