From: Yu Watanabe Date: Wed, 3 Nov 2021 20:13:20 +0000 (+0900) Subject: network: tc/cake: introduce FirewallMark= setting X-Git-Tag: v250-rc1~330^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=049b66ccdd096173c0806903cb9d263605acdcbb;p=thirdparty%2Fsystemd.git network: tc/cake: introduce FirewallMark= setting --- diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 31fa8d31ff0..3cc9e8e7788 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -3660,6 +3660,15 @@ Token=prefixstable:2002:da8:1:: + + FirewallMark= + + Takes an integer in the range 1…4294967295. When specified, firewall-mark-based + overriding of CAKE's tin selection is enabled. Defaults to unset, and the kernel's default is + used. + + + diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index 0404f911230..f7866cbc14c 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -393,6 +393,7 @@ CAKE.CompensationMode, config_parse_cake_compensation_mode CAKE.FlowIsolationMode, config_parse_cake_flow_isolation_mode, QDISC_KIND_CAKE, 0 CAKE.NAT, config_parse_cake_tristate, QDISC_KIND_CAKE, 0 CAKE.PriorityQueueingPreset, config_parse_cake_priority_queueing_preset, QDISC_KIND_CAKE, 0 +CAKE.FirewallMark, config_parse_cake_fwmark, QDISC_KIND_CAKE, 0 ControlledDelay.Parent, config_parse_qdisc_parent, QDISC_KIND_CODEL, 0 ControlledDelay.Handle, config_parse_qdisc_handle, QDISC_KIND_CODEL, 0 ControlledDelay.PacketLimit, config_parse_controlled_delay_u32, QDISC_KIND_CODEL, 0 diff --git a/src/network/tc/cake.c b/src/network/tc/cake.c index cd03f8feac7..598a019ac2c 100644 --- a/src/network/tc/cake.c +++ b/src/network/tc/cake.c @@ -90,6 +90,12 @@ static int cake_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req) return log_link_error_errno(link, r, "Could not append TCA_CAKE_DIFFSERV_MODE attribute: %m"); } + if (c->fwmark > 0) { + r = sd_netlink_message_append_u32(req, TCA_CAKE_FWMARK, c->fwmark); + if (r < 0) + return log_link_error_errno(link, r, "Could not append TCA_CAKE_FWMARK attribute: %m"); + } + r = sd_netlink_message_close_container(req); if (r < 0) return log_link_error_errno(link, r, "Could not close container TCA_OPTIONS: %m"); @@ -520,6 +526,65 @@ int config_parse_cake_priority_queueing_preset( return 0; } +int config_parse_cake_fwmark( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + _cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL; + CommonApplicationsKeptEnhanced *c; + Network *network = data; + uint32_t fwmark; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + r = qdisc_new_static(QDISC_KIND_CAKE, network, filename, section_line, &qdisc); + if (r == -ENOMEM) + return log_oom(); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "More than one kind of queueing discipline, ignoring assignment: %m"); + return 0; + } + + c = CAKE(qdisc); + + if (isempty(rvalue)) { + c->fwmark = 0; + TAKE_PTR(qdisc); + return 0; + } + + r = safe_atou32(rvalue, &fwmark); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, + "Failed to parse '%s=', ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + if (fwmark <= 0) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid '%s=', ignoring assignment: %s", + lvalue, rvalue); + return 0; + } + + c->fwmark = fwmark; + TAKE_PTR(qdisc); + return 0; +} + const QDiscVTable cake_vtable = { .object_size = sizeof(CommonApplicationsKeptEnhanced), .tca_kind = "cake", diff --git a/src/network/tc/cake.h b/src/network/tc/cake.h index a14cb6b8066..8743d592ad6 100644 --- a/src/network/tc/cake.h +++ b/src/network/tc/cake.h @@ -57,6 +57,7 @@ typedef struct CommonApplicationsKeptEnhanced { /* Priority queue parameters */ CakePriorityQueueingPreset preset; + uint32_t fwmark; } CommonApplicationsKeptEnhanced; @@ -70,3 +71,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cake_tristate); CONFIG_PARSER_PROTOTYPE(config_parse_cake_compensation_mode); CONFIG_PARSER_PROTOTYPE(config_parse_cake_flow_isolation_mode); CONFIG_PARSER_PROTOTYPE(config_parse_cake_priority_queueing_preset); +CONFIG_PARSER_PROTOTYPE(config_parse_cake_fwmark); diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network index e4734af8794..de8bec2750d 100644 --- a/test/fuzz/fuzz-network-parser/directives.network +++ b/test/fuzz/fuzz-network-parser/directives.network @@ -475,6 +475,7 @@ CompensationMode= FlowIsolationMode= NAT= PriorityQueueingPreset= +FirewallMark= [TrafficControlQueueingDiscipline] Parent= NetworkEmulatorDelaySec=