From: Davide Caratti Date: Tue, 16 Jul 2024 08:57:20 +0000 (+0200) Subject: tc: f_flower: add support for matching on tunnel metadata X-Git-Tag: v6.12.0~18^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0941975dc8873e00260e8eea66813589827080e5;p=thirdparty%2Fiproute2.git tc: f_flower: add support for matching on tunnel metadata extend TC flower for matching on tunnel metadata. Changes since v2: - split uAPI changes and TC code in separate patches, as per David's request [2] Changes since v1: - fix incostintent naming in explain() and in tc-flower.8 (Asbjørn) Changes since RFC: - update uAPI bits to Asbjørn's most recent code [1] - add 'tun' prefix to all flag names (Asbjørn) - allow parsing 'enc_flags' multiple times, without clearing the match mask every time, like happens for 'ip_flags' (Asbjørn) - don't use "matches()" for parsing argv[] (Stephen) - (hopefully) improve usage() printout (Asbjørn) - update man page [1] https://lore.kernel.org/netdev/20240709163825.1210046-1-ast@fiberby.net/ [2] https://lore.kernel.org/netdev/cc73004c-9aa8-9cd3-b46e-443c0727c34d@kernel.org/ Signed-off-by: Davide Caratti Signed-off-by: David Ahern --- diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8 index 6b566405..adde2168 100644 --- a/man/man8/tc-flower.8 +++ b/man/man8/tc-flower.8 @@ -106,7 +106,9 @@ flower \- flow based traffic control filter .B l2_miss .IR L2_MISS " | " .BR cfm -.IR CFM_OPTIONS " }" +.IR CFM_OPTIONS " | " +.BR enc_flags +.IR ENCFLAG-LIST " }" .ti -8 .IR LSE_LIST " := [ " LSE_LIST " ] " LSE @@ -131,6 +133,16 @@ flower \- flow based traffic control filter .B op .IR OPCODE " +.ti -8 +.IR ENCFLAG-LIST " := [ " ENCFLAG-LIST "/ ] " ENCFLAG + +.ti -8 +.IR ENCFLAG " := { " +.BR [no]tuncsum " | " +.BR [no]tundf " | " +.BR [no]tunoam " | " +.BR [no]tuncrit " } " + .SH DESCRIPTION The .B flower @@ -538,11 +550,23 @@ Match on the Maintenance Domain (MD) level field. .BI op " OPCODE " Match on the CFM opcode field. \fIOPCODE\fR is an unsigned 8 bit value in decimal format. +.RE +.TP +.BI enc_flags " ENCFLAG-LIST " +Match on tunnel control flags. +.I ENCFLAG-LIST +is a list of the following tunnel control flags: +.BR [no]tuncsum ", " +.BR [no]tundf ", " +.BR [no]tunoam ", " +.BR [no]tuncrit ", " +each separated by '/'. +.TP .SH NOTES As stated above where applicable, matches of a certain layer implicitly depend on the matches of the next lower layer. Precisely, layer one and two matches -(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR) +(\fBindev\fR, \fBdst_mac\fR, \fBsrc_mac\fR and \fBenc_flags\fR) have no dependency, MPLS and layer three matches (\fBmpls\fR, \fBmpls_label\fR, \fBmpls_tc\fR, \fBmpls_bos\fR, \fBmpls_ttl\fR, diff --git a/tc/f_flower.c b/tc/f_flower.c index 244f0f7e..3b61c219 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -28,6 +28,7 @@ enum flower_matching_flags { FLOWER_IP_FLAGS, + FLOWER_ENC_DST_FLAGS, }; enum flower_endpoint { @@ -99,13 +100,16 @@ static void explain(void) " ct_label MASKED_CT_LABEL |\n" " ct_mark MASKED_CT_MARK |\n" " ct_zone MASKED_CT_ZONE |\n" - " cfm CFM }\n" + " cfm CFM |\n" + " enc_flags ENCFLAG-LIST }\n" " LSE-LIST := [ LSE-LIST ] LSE\n" " LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n" " FILTERID := X:Y:Z\n" " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n" " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel,rpl,inv\n" " CFM := { mdl LEVEL | op OPCODE }\n" + " ENCFLAG-LIST := [ ENCFLAG-LIST/ ]ENCFLAG\n" + " ENCFLAG := { [no]tuncsum | [no]tundf | [no]tunoam | [no]tuncrit }\n" " ACTION-SPEC := ... look at individual actions\n" "\n" "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n" @@ -205,6 +209,10 @@ struct flag_to_string { static struct flag_to_string flags_str[] = { { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" }, { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" }, + { TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM, FLOWER_ENC_DST_FLAGS, "tuncsum" }, + { TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT, FLOWER_ENC_DST_FLAGS, "tundf" }, + { TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM, FLOWER_ENC_DST_FLAGS, "tunoam" }, + { TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT, FLOWER_ENC_DST_FLAGS, "tuncrit" }, }; static int flower_parse_matching_flags(char *str, @@ -1642,6 +1650,8 @@ static int flower_parse_opt(const struct filter_util *qu, char *handle, __u32 flags = 0; __u32 mtf = 0; __u32 mtf_mask = 0; + __u32 dst_flags = 0; + __u32 dst_flags_mask = 0; if (handle) { ret = get_u32(&t->tcm_handle, handle, 0); @@ -2248,6 +2258,17 @@ static int flower_parse_opt(const struct filter_util *qu, char *handle, fprintf(stderr, "Illegal \"pfcp_opts\"\n"); return -1; } + } else if (!strcmp(*argv, "enc_flags")) { + NEXT_ARG(); + ret = flower_parse_matching_flags(*argv, + FLOWER_ENC_DST_FLAGS, + &dst_flags, + &dst_flags_mask); + + if (ret < 0) { + fprintf(stderr, "Illegal \"enc_flags\"\n"); + return -1; + } } else if (matches(*argv, "action") == 0) { NEXT_ARG(); ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n); @@ -2286,6 +2307,17 @@ parse_done: return ret; } + if (dst_flags_mask) { + ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_FLAGS, + htonl(dst_flags)); + if (ret) + return ret; + ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_FLAGS_MASK, + htonl(dst_flags_mask)); + if (ret) + return ret; + } + if (tc_proto != htons(ETH_P_ALL)) { ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, tc_proto); if (ret) @@ -3262,6 +3294,10 @@ static int flower_print_opt(const struct filter_util *qu, FILE *f, tb[TCA_FLOWER_KEY_FLAGS], tb[TCA_FLOWER_KEY_FLAGS_MASK]); + flower_print_matching_flags("enc_flags", FLOWER_ENC_DST_FLAGS, + tb[TCA_FLOWER_KEY_ENC_FLAGS], + tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]); + if (tb[TCA_FLOWER_L2_MISS]) { struct rtattr *attr = tb[TCA_FLOWER_L2_MISS];