From cca177ccfd0b5ae01ed8954f36c913fd95ef4b84 Mon Sep 17 00:00:00 2001
From: Ivan Vecera <ivecera@redhat.com>
Date: Wed, 31 May 2017 15:45:54 +0200
Subject: [PATCH 169/169] tc, clsact: add clsact frontend
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624
Upstream status: iproute2.git commit 8f9afdd531560
Upstream divergences: Only partially backported to provide 'ingress' keyword
for 'tc filter' command. The commit itself provides support for 'clsact'
qdisc that is not supported on RHEL.
commit 8f9afdd531560c1534be44424669add2e19deeec
Author: Daniel Borkmann <daniel@iogearbox.net>
Date: Tue Jan 12 01:42:20 2016 +0100
tc, clsact: add clsact frontend
Add the tc part for the kernel commit 1f211a1b929c ("net, sched: add
clsact qdisc"). Quoting example usage from that commit description:
Example, adding qdisc:
# tc qdisc add dev foo clsact
# tc qdisc show dev foo
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc clsact ffff: parent ffff:fff1
Adding filters (deleting, etc works analogous by specifying ingress/egress):
# tc filter add dev foo ingress bpf da obj bar.o sec ingress
# tc filter add dev foo egress bpf da obj bar.o sec egress
# tc filter show dev foo ingress
filter protocol all pref 49152 bpf
filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action
# tc filter show dev foo egress
filter protocol all pref 49152 bpf
filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action
The ingress parent alias can also be used with ingress qdisc.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
---
tc/tc_filter.c | 46 ++++++++++++++++++++++++++++++++++++++--------
tc/tc_qdisc.c | 3 ---
2 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/tc/tc_filter.c b/tc/tc_filter.c
index e76d616f..2a303c04 100644
--- a/tc/tc_filter.c
+++ b/tc/tc_filter.c
@@ -26,25 +26,21 @@
#include "tc_util.h"
#include "tc_common.h"
-static void usage(void);
-
static void usage(void)
{
fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n");
fprintf(stderr, " [ pref PRIO ] protocol PROTO\n");
fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n");
- fprintf(stderr, " [ root | classid CLASSID ] [ handle FILTERID ]\n");
- fprintf(stderr, " [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n");
+ fprintf(stderr, " [ root | ingress | egress | parent CLASSID ]\n");
+ fprintf(stderr, " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n");
fprintf(stderr, "\n");
- fprintf(stderr, " tc filter show [ dev STRING ] [ root | parent CLASSID ]\n");
+ fprintf(stderr, " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n");
fprintf(stderr, "Where:\n");
fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | fw | route | etc. }\n");
fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n");
fprintf(stderr, "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
- return;
}
-
static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv)
{
struct {
@@ -87,6 +83,20 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv)
return -1;
}
req.t.tcm_parent = TC_H_ROOT;
+ } else if (strcmp(*argv, "ingress") == 0) {
+ if (req.t.tcm_parent) {
+ fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
+ return -1;
+ }
+ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_INGRESS);
+ } else if (strcmp(*argv, "egress") == 0) {
+ if (req.t.tcm_parent) {
+ fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
+ return -1;
+ }
+ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_EGRESS);
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
NEXT_ARG();
@@ -220,11 +230,16 @@ int print_filter(const struct sockaddr_nl *who,
if (!filter_parent || filter_parent != t->tcm_parent) {
if (t->tcm_parent == TC_H_ROOT)
fprintf(fp, "root ");
+ else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS))
+ fprintf(fp, "ingress ");
+ else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS))
+ fprintf(fp, "egress ");
else {
print_tc_classid(abuf, sizeof(abuf), t->tcm_parent);
fprintf(fp, "parent %s ", abuf);
}
}
+
if (t->tcm_info) {
f_proto = TC_H_MIN(t->tcm_info);
__u32 prio = TC_H_MAJ(t->tcm_info)>>16;
@@ -259,7 +274,6 @@ int print_filter(const struct sockaddr_nl *who,
return 0;
}
-
static int tc_filter_list(int argc, char **argv)
{
struct tcmsg t;
@@ -284,6 +298,22 @@ static int tc_filter_list(int argc, char **argv)
return -1;
}
filter_parent = t.tcm_parent = TC_H_ROOT;
+ } else if (strcmp(*argv, "ingress") == 0) {
+ if (t.tcm_parent) {
+ fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
+ return -1;
+ }
+ filter_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_INGRESS);
+ t.tcm_parent = filter_parent;
+ } else if (strcmp(*argv, "egress") == 0) {
+ if (t.tcm_parent) {
+ fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
+ return -1;
+ }
+ filter_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_EGRESS);
+ t.tcm_parent = filter_parent;
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
NEXT_ARG();
diff --git a/tc/tc_qdisc.c b/tc/tc_qdisc.c
index c31ae8d2..61aec4f8 100644
--- a/tc/tc_qdisc.c
+++ b/tc/tc_qdisc.c
@@ -26,8 +26,6 @@
#include "tc_util.h"
#include "tc_common.h"
-static int usage(void);
-
static int usage(void)
{
fprintf(stderr, "Usage: tc qdisc [ add | del | replace | change | show ] dev STRING\n");
@@ -277,7 +275,6 @@ int print_qdisc(const struct sockaddr_nl *who,
return 0;
}
-
static int tc_qdisc_list(int argc, char **argv)
{
struct tcmsg t;
--
2.13.0