network: tc/cake: introduce FirewallMark= setting

author Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 3 Nov 2021 20:13:20 +0000 (05:13 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 3 Nov 2021 20:13:20 +0000 (05:13 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml

index 31fa8d31ff088c9a384323e90bac66230af2af01..3cc9e8e7788240e17c70816a17e513aefb99fbe6 100644 (file)
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -3660,6 +3660,15 @@ Token=prefixstable:2002:da8:1::</programlisting></para>
          </listitem>
        </varlistentry>
  
+      <varlistentry>
+        <term><varname>FirewallMark=</varname></term>
+        <listitem>
+          <para>Takes an integer in the range 1…4294967295. When specified, firewall-mark-based
+          overriding of CAKE's tin selection is enabled. Defaults to unset, and the kernel's default is
+          used.</para>
+        </listitem>
+      </varlistentry>
+
      </variablelist>
    </refsect1>
  
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf

index 0404f911230d50a2dff9228e0a624752c95d2a64..f7866cbc14ca4adcf7b6f030e9c374623fece962 100644 (file)
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -393,6 +393,7 @@ CAKE.CompensationMode,                       config_parse_cake_compensation_mode
  CAKE.FlowIsolationMode,                      config_parse_cake_flow_isolation_mode,                    QDISC_KIND_CAKE,               0
  CAKE.NAT,                                    config_parse_cake_tristate,                               QDISC_KIND_CAKE,               0
  CAKE.PriorityQueueingPreset,                 config_parse_cake_priority_queueing_preset,               QDISC_KIND_CAKE,               0
+CAKE.FirewallMark,                           config_parse_cake_fwmark,                                 QDISC_KIND_CAKE,               0
  ControlledDelay.Parent,                      config_parse_qdisc_parent,                                QDISC_KIND_CODEL,              0
  ControlledDelay.Handle,                      config_parse_qdisc_handle,                                QDISC_KIND_CODEL,              0
  ControlledDelay.PacketLimit,                 config_parse_controlled_delay_u32,                        QDISC_KIND_CODEL,              0
diff --git a/src/network/tc/cake.c b/src/network/tc/cake.c

index cd03f8feac7e2e8b74fa7b272fd71f928a5e7006..598a019ac2c22ae26a443f93b30547f68bfddeb2 100644 (file)
--- a/src/network/tc/cake.c
+++ b/src/network/tc/cake.c
@@ -90,6 +90,12 @@ static int cake_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req)
                          return log_link_error_errno(link, r, "Could not append TCA_CAKE_DIFFSERV_MODE attribute: %m");
          }
  
+        if (c->fwmark > 0) {
+                r = sd_netlink_message_append_u32(req, TCA_CAKE_FWMARK, c->fwmark);
+                if (r < 0)
+                        return log_link_error_errno(link, r, "Could not append TCA_CAKE_FWMARK attribute: %m");
+        }
+
          r = sd_netlink_message_close_container(req);
          if (r < 0)
                  return log_link_error_errno(link, r, "Could not close container TCA_OPTIONS: %m");
@@ -520,6 +526,65 @@ int config_parse_cake_priority_queueing_preset(
          return 0;
  }
  
+int config_parse_cake_fwmark(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        _cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL;
+        CommonApplicationsKeptEnhanced *c;
+        Network *network = data;
+        uint32_t fwmark;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = qdisc_new_static(QDISC_KIND_CAKE, network, filename, section_line, &qdisc);
+        if (r == -ENOMEM)
+                return log_oom();
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
+                           "More than one kind of queueing discipline, ignoring assignment: %m");
+                return 0;
+        }
+
+        c = CAKE(qdisc);
+
+        if (isempty(rvalue)) {
+                c->fwmark = 0;
+                TAKE_PTR(qdisc);
+                return 0;
+        }
+
+        r = safe_atou32(rvalue, &fwmark);
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
+                           "Failed to parse '%s=', ignoring assignment: %s",
+                           lvalue, rvalue);
+                return 0;
+        }
+        if (fwmark <= 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                           "Invalid '%s=', ignoring assignment: %s",
+                           lvalue, rvalue);
+                return 0;
+        }
+
+        c->fwmark = fwmark;
+        TAKE_PTR(qdisc);
+        return 0;
+}
+
  const QDiscVTable cake_vtable = {
          .object_size = sizeof(CommonApplicationsKeptEnhanced),
          .tca_kind = "cake",
diff --git a/src/network/tc/cake.h b/src/network/tc/cake.h

index a14cb6b80660e8dc3234bc38d03b2fb207fd77ff..8743d592ad6f57a6d96e3cc4431a242ce0cfe9da 100644 (file)
--- a/src/network/tc/cake.h
+++ b/src/network/tc/cake.h
@@ -57,6 +57,7 @@ typedef struct CommonApplicationsKeptEnhanced {
  
          /* Priority queue parameters */
          CakePriorityQueueingPreset preset;
+        uint32_t fwmark;
  
  } CommonApplicationsKeptEnhanced;
  
@@ -70,3 +71,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cake_tristate);
  CONFIG_PARSER_PROTOTYPE(config_parse_cake_compensation_mode);
  CONFIG_PARSER_PROTOTYPE(config_parse_cake_flow_isolation_mode);
  CONFIG_PARSER_PROTOTYPE(config_parse_cake_priority_queueing_preset);
+CONFIG_PARSER_PROTOTYPE(config_parse_cake_fwmark);
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network

index e4734af87943e913fc2df6665c8d7371f387cd4f..de8bec2750d934424e5e301c83c2984232b610a8 100644 (file)
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -475,6 +475,7 @@ CompensationMode=
  FlowIsolationMode=
  NAT=
  PriorityQueueingPreset=
+FirewallMark=
  [TrafficControlQueueingDiscipline]
  Parent=
  NetworkEmulatorDelaySec=
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 3 Nov 2021 20:13:20 +0000 (05:13 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
man/systemd.network.xml		patch \| blob \| blame \| history
src/network/networkd-network-gperf.gperf		patch \| blob \| blame \| history
src/network/tc/cake.c		patch \| blob \| blame \| history
src/network/tc/cake.h		patch \| blob \| blame \| history
test/fuzz/fuzz-network-parser/directives.network		patch \| blob \| blame \| history