From: Peilin Ye Date: Tue, 20 Jul 2021 19:21:45 +0000 (-0700) Subject: tc/skbmod: Remove misinformation about the swap action X-Git-Tag: v5.14.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c06d313d86c1acb8dd72589816301853ff5a4ac4;p=thirdparty%2Fiproute2.git tc/skbmod: Remove misinformation about the swap action Currently man 8 tc-skbmod says that "...the swap action will occur after any smac/dmac substitutions are executed, if they are present." This is false. In fact, trying to "set" and "swap" in a single skbmod command causes the "set" part to be completely ignored. As an example: $ tc filter add dev eth0 parent 1: protocol ip prio 10 \ matchall action skbmod \ set dmac AA:AA:AA:AA:AA:AA smac BB:BB:BB:BB:BB:BB \ swap mac The above command simply does a "swap", without setting DMAC or SMAC to AA's or BB's. The root cause of this is in the kernel, see net/sched/act_skbmod.c:tcf_skbmod_init(): parm = nla_data(tb[TCA_SKBMOD_PARMS]); index = parm->index; if (parm->flags & SKBMOD_F_SWAPMAC) lflags = SKBMOD_F_SWAPMAC; ^^^^^^^^^^^^^^^^^^^^^^^^^^ Doing a "=" instead of "|=" clears all other "set" flags when doing a "swap". Discourage using "set" and "swap" in the same command by documenting it as undefined behavior, and update the "SYNOPSIS" section as well as tc -help text accordingly. If one really needs to e.g. "set" DMAC to all AA's then "swap" DMAC and SMAC, one should do two separate commands and "pipe" them together. Reviewed-by: Cong Wang Signed-off-by: Peilin Ye Signed-off-by: Stephen Hemminger --- diff --git a/man/man8/tc-skbmod.8 b/man/man8/tc-skbmod.8 index eb3c38fa6..76512311b 100644 --- a/man/man8/tc-skbmod.8 +++ b/man/man8/tc-skbmod.8 @@ -5,12 +5,12 @@ skbmod - user-friendly packet editor action .SH SYNOPSIS .in +8 .ti -8 -.BR tc " ... " "action skbmod " "{ [ " "set " -.IR SETTABLE " ] [ " +.BR tc " ... " "action skbmod " "{ " "set " +.IR SETTABLE " | " .BI swap " SWAPPABLE" -.RI " ] [ " CONTROL " ] [ " +.RI " } [ " CONTROL " ] [ " .BI index " INDEX " -] } +] .ti -8 .IR SETTABLE " := " @@ -25,6 +25,7 @@ skbmod - user-friendly packet editor action .IR SWAPPABLE " := " .B mac .ti -8 + .IR CONTROL " := {" .BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }" .SH DESCRIPTION @@ -48,10 +49,7 @@ Change the source mac to the specified address. Change the ethertype to the specified value. .TP .BI mac -Used to swap mac addresses. The -.B swap mac -directive is performed -after any outstanding D/SMAC changes. +Used to swap mac addresses. .TP .I CONTROL The following keywords allow to control how the tree of qdisc, classes, @@ -128,9 +126,13 @@ tc filter add dev eth3 parent 1: protocol ip prio 10 \\ .EE .RE -As mentioned above, the swap action will occur after any -.B " smac/dmac " -substitutions are executed, if they are present. +However, trying to +.B set +and +.B swap +in a single +.B skbmod +command will cause undefined behavior. .SH SEE ALSO .BR tc (8), diff --git a/tc/m_skbmod.c b/tc/m_skbmod.c index e13d3f16b..3fe30651a 100644 --- a/tc/m_skbmod.c +++ b/tc/m_skbmod.c @@ -28,10 +28,9 @@ static void skbmod_explain(void) { fprintf(stderr, - "Usage:... skbmod {[set ] [swap ]} [CONTROL] [index INDEX]\n" + "Usage:... skbmod { set | swap } [CONTROL] [index INDEX]\n" "where SETTABLE is: [dmac DMAC] [smac SMAC] [etype ETYPE]\n" - "where SWAPABLE is: \"mac\" to swap mac addresses\n" - "note: \"swap mac\" is done after any outstanding D/SMAC change\n" + "where SWAPPABLE is: \"mac\" to swap mac addresses\n" "\tDMAC := 6 byte Destination MAC address\n" "\tSMAC := optional 6 byte Source MAC address\n" "\tETYPE := optional 16 bit ethertype\n"