network: tc/cake: introduce NAT= setting

author Yu Watanabe <watanabe.yu+github@gmail.com>

Tue, 2 Nov 2021 20:55:54 +0000 (05:55 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Tue, 2 Nov 2021 20:55:54 +0000 (05:55 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml

index c13b5fed4b5e0246b09f551e4f9ab4c2f3511a78..13eb06fdca5d8ee1be7be4ad6f5504fad92d57cb 100644 (file)
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -3587,6 +3587,18 @@ Token=prefixstable:2002:da8:1::</programlisting></para>
          </listitem>
        </varlistentry>
  
+      <varlistentry>
+        <term><varname>NAT=</varname></term>
+        <listitem>
+          <para>Takes a boolean value. When true, CAKE performs a NAT lookup before applying
+          flow-isolation rules, to determine the true addresses and port numbers of the packet, to
+          improve fairness between hosts inside the NAT. This has no practical effect when
+          <varname>FlowIsolationMode=</varname> is <literal>none</literal> or <literal>flows</literal>,
+          or if NAT is performed on a different host. Defaults to unset, and the kernel's default is
+          used.</para>
+        </listitem>
+      </varlistentry>
+
      </variablelist>
    </refsect1>
  
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf

index eaef3ec03fb7905e28858ab192a8f6aed1b3ebe0..1fe4b72b5ffd3dcfdce36c63b827a7a2d800e9ba 100644 (file)
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -390,6 +390,7 @@ CAKE.AutoRateIngress,                        config_parse_cake_tristate,
  CAKE.OverheadBytes,                          config_parse_cake_overhead,                               QDISC_KIND_CAKE,               0
  CAKE.CompensationMode,                       config_parse_cake_compensation_mode,                      QDISC_KIND_CAKE,               0
  CAKE.FlowIsolationMode,                      config_parse_cake_flow_isolation_mode,                    QDISC_KIND_CAKE,               0
+CAKE.NAT,                                    config_parse_cake_tristate,                               QDISC_KIND_CAKE,               0
  ControlledDelay.Parent,                      config_parse_qdisc_parent,                                QDISC_KIND_CODEL,              0
  ControlledDelay.Handle,                      config_parse_qdisc_handle,                                QDISC_KIND_CODEL,              0
  ControlledDelay.PacketLimit,                 config_parse_controlled_delay_u32,                        QDISC_KIND_CODEL,              0
diff --git a/src/network/tc/cake.c b/src/network/tc/cake.c

index 39280ff6c8711e32358c6cc5b206e6626cc0f111..27395918ea9491839f57f1f341b2ded2ad3590bd 100644 (file)
--- a/src/network/tc/cake.c
+++ b/src/network/tc/cake.c
@@ -22,6 +22,7 @@ static int cake_init(QDisc *qdisc) {
          c->autorate = -1;
          c->compensation_mode = _CAKE_COMPENSATION_MODE_INVALID;
          c->flow_isolation_mode = _CAKE_FLOW_ISOLATION_MODE_INVALID;
+        c->nat = -1;
  
          return 0;
  }
@@ -70,6 +71,12 @@ static int cake_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req)
                          return log_link_error_errno(link, r, "Could not append TCA_CAKE_FLOW_MODE attribute: %m");
          }
  
+        if (c->nat >= 0) {
+                r = sd_netlink_message_append_u32(req, TCA_CAKE_NAT, c->nat);
+                if (r < 0)
+                        return log_link_error_errno(link, r, "Could not append TCA_CAKE_NAT attribute: %m");
+        }
+
          r = sd_netlink_message_close_container(req);
          if (r < 0)
                  return log_link_error_errno(link, r, "Could not close container TCA_OPTIONS: %m");
@@ -227,6 +234,8 @@ int config_parse_cake_tristate(
  
          if (streq(lvalue, "AutoRateIngress"))
                  dest = &c->autorate;
+        else if (streq(lvalue, "NAT"))
+                dest = &c->nat;
          else
                  assert_not_reached();
  
diff --git a/src/network/tc/cake.h b/src/network/tc/cake.h

index 9272357df7fe9b033c1907cd153f49a4e2c3dcb5..1be8cacbe9a22a0e5aef4dcf81390c59c771de10 100644 (file)
--- a/src/network/tc/cake.h
+++ b/src/network/tc/cake.h
@@ -42,6 +42,7 @@ typedef struct CommonApplicationsKeptEnhanced {
  
          /* Flow isolation parameters */
          CakeFlowIsolationMode flow_isolation_mode;
+        int nat;
  
  } CommonApplicationsKeptEnhanced;
  
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network

index b0db8d88d1ce3ed65322f6234ba1f2873fe52150..5d0d0968e7a9ba70e5aa7a0fb98a63549d161269 100644 (file)
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -472,6 +472,7 @@ AutoRateIngress=
  OverheadBytes=
  CompensationMode=
  FlowIsolationMode=
+NAT=
  [TrafficControlQueueingDiscipline]
  Parent=
  NetworkEmulatorDelaySec=
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 2 Nov 2021 20:55:54 +0000 (05:55 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 9 Nov 2021 01:58:44 +0000 (10:58 +0900)
man/systemd.network.xml		patch \| blob \| blame \| history
src/network/networkd-network-gperf.gperf		patch \| blob \| blame \| history
src/network/tc/cake.c		patch \| blob \| blame \| history
src/network/tc/cake.h		patch \| blob \| blame \| history
test/fuzz/fuzz-network-parser/directives.network		patch \| blob \| blame \| history