From 4bff8086489a1db4e506d3c807ccddc2e88e4b03 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Wed, 3 Nov 2021 05:55:54 +0900
Subject: [PATCH] network: tc/cake: introduce NAT= setting
---
 man/systemd.network.xml | 12 ++++++++++++
 src/network/networkd-network-gperf.gperf | 1 +
 src/network/tc/cake.c | 9 +++++++++
 src/network/tc/cake.h | 1 +
 test/fuzz/fuzz-network-parser/directives.network | 1 +
 5 files changed, 24 insertions(+)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index c13b5fed4b5..13eb06fdca5 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -3587,6 +3587,18 @@ Token=prefixstable:2002:da8:1::
+
+ NAT=
+
+ Takes a boolean value. When true, CAKE performs a NAT lookup before applying
+ flow-isolation rules, to determine the true addresses and port numbers of the packet, to
+ improve fairness between hosts inside the NAT. This has no practical effect when
+ FlowIsolationMode= is none or flows,
+ or if NAT is performed on a different host. Defaults to unset, and the kernel's default is
+ used.
+
+
+
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index eaef3ec03fb..1fe4b72b5ff 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -390,6 +390,7 @@ CAKE.AutoRateIngress, config_parse_cake_tristate,
 CAKE.OverheadBytes, config_parse_cake_overhead, QDISC_KIND_CAKE, 0
 CAKE.CompensationMode, config_parse_cake_compensation_mode, QDISC_KIND_CAKE, 0
 CAKE.FlowIsolationMode, config_parse_cake_flow_isolation_mode, QDISC_KIND_CAKE, 0
+CAKE.NAT, config_parse_cake_tristate, QDISC_KIND_CAKE, 0
 ControlledDelay.Parent, config_parse_qdisc_parent, QDISC_KIND_CODEL, 0
 ControlledDelay.Handle, config_parse_qdisc_handle, QDISC_KIND_CODEL, 0
 ControlledDelay.PacketLimit, config_parse_controlled_delay_u32, QDISC_KIND_CODEL, 0
diff --git a/src/network/tc/cake.c b/src/network/tc/cake.c
index 39280ff6c87..27395918ea9 100644
--- a/src/network/tc/cake.c
+++ b/src/network/tc/cake.c
@@ -22,6 +22,7 @@ static int cake_init(QDisc *qdisc) {
 c->autorate = -1;
 c->compensation_mode = _CAKE_COMPENSATION_MODE_INVALID;
 c->flow_isolation_mode = _CAKE_FLOW_ISOLATION_MODE_INVALID;
+ c->nat = -1;
 return 0;
 }
@@ -70,6 +71,12 @@ static int cake_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req)
 return log_link_error_errno(link, r, "Could not append TCA_CAKE_FLOW_MODE attribute: %m");
 }
+ if (c->nat >= 0) {
+ r = sd_netlink_message_append_u32(req, TCA_CAKE_NAT, c->nat);
+ if (r < 0)
+ return log_link_error_errno(link, r, "Could not append TCA_CAKE_NAT attribute: %m");
+ }
+
 r = sd_netlink_message_close_container(req);
 if (r < 0)
 return log_link_error_errno(link, r, "Could not close container TCA_OPTIONS: %m");
@@ -227,6 +234,8 @@ int config_parse_cake_tristate(
 if (streq(lvalue, "AutoRateIngress"))
 dest = &c->autorate;
+ else if (streq(lvalue, "NAT"))
+ dest = &c->nat;
 else
 assert_not_reached();
diff --git a/src/network/tc/cake.h b/src/network/tc/cake.h
index 9272357df7f..1be8cacbe9a 100644
--- a/src/network/tc/cake.h
+++ b/src/network/tc/cake.h
@@ -42,6 +42,7 @@ typedef struct CommonApplicationsKeptEnhanced {
 /* Flow isolation parameters */
 CakeFlowIsolationMode flow_isolation_mode;
+ int nat;
 } CommonApplicationsKeptEnhanced;
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network
index b0db8d88d1c..5d0d0968e7a 100644
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -472,6 +472,7 @@ AutoRateIngress=
 OverheadBytes=
 CompensationMode=
 FlowIsolationMode=
+NAT=
 [TrafficControlQueueingDiscipline]
 Parent=
 NetworkEmulatorDelaySec=
-- 
2.47.3
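Review bot: The new `if (c->nat >= 0)` block in cake_fill_message() appends TCA_CAKE_NAT for NAT=no as well as NAT=yes, and neither the code nor the man page entry says what the attribute requires from the kernel. As far as I recall, sch_cake rejects this attribute with EOPNOTSUPP when the kernel is built without conntrack, whatever the value, so an explicit NAT=no could then fail the whole qdisc setup; this should be confirmed against the kernels you target. I would add a comment above the block, `/* The kernel needs conntrack support to accept TCA_CAKE_NAT; without it the request may be rejected even for NAT=no. */`, and one sentence saying the same in the NAT= entry of systemd.network.xml. The body of cake_fill_message() starts and ends outside the hunk.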
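Review bot: config_parse_cake_tristate() picks its destination by comparing `lvalue` against literal key names and ends in `assert_not_reached()`, so the chain extended here has to be kept in step by hand with the CAKE.* rows in networkd-network-gperf.gperf that name this parser. A row added there without a matching branch would abort the daemon while it parses a .network file instead of logging a bad setting. I would record that above the chain: `/* Every CAKE.* gperf entry using this parser needs a branch here; an unknown lvalue hits assert_not_reached(). */`. The function starts and ends outside the hunk, so how `dest` is used afterwards is not visible.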