From: Guillaume Nault <gnault@redhat.com>
To: Wojciech Drewek <wojciech.drewek@intel.com>
Cc: netdev@vger.kernel.org, dsahern@gmail.com, stephen@networkplumber.org
Subject: Re: [PATCH iproute-next v2 3/3] f_flower: Introduce PPPoE support
Date: Thu, 28 Jul 2022 12:47:46 +0200 [thread overview]
Message-ID: <20220728104746.GC18015@pc-4.home> (raw)
In-Reply-To: <20220728084437.486187-4-wojciech.drewek@intel.com>
On Thu, Jul 28, 2022 at 10:44:37AM +0200, Wojciech Drewek wrote:
> Introduce PPPoE specific fields in tc-flower:
> - session id (16 bits)
> - ppp protocol (16 bits)
> Those fields can be provided only when protocol was set to
> ETH_P_PPP_SES. ppp_proto works similar to vlan_ethtype, i.e.
> ppp_proto overwrites eth_type. Thanks to that, fields from
> encapsulated protocols (such as src_ip) can be specified.
>
> e.g.
> # tc filter add dev ens6f0 ingress prio 1 protocol ppp_ses \
> flower \
> pppoe_sid 1234 \
> ppp_proto ip \
> dst_ip 127.0.0.1 \
> src_ip 127.0.0.2 \
> action drop
>
> Vlan and cvlan is also supported, in this case cvlan_ethtype
> or vlan_ethtype has to be set to ETH_P_PPP_SES.
>
> e.g.
> # tc filter add dev ens6f0 ingress prio 1 protocol 802.1Q \
> flower \
> vlan_id 2 \
> vlan_ethtype ppp_ses \
> pppoe_sid 1234 \
> ppp_proto ip \
> dst_ip 127.0.0.1 \
> src_ip 127.0.0.2 \
> action drop
>
> Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
> ---
> v2: add pppoe fields to explain
> ---
> include/uapi/linux/pkt_cls.h | 3 ++
> man/man8/tc-flower.8 | 17 ++++++++++-
> tc/f_flower.c | 58 ++++++++++++++++++++++++++++++++++++
> 3 files changed, 77 insertions(+), 1 deletion(-)
>
> diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
> index 9a2ee1e39fad..a67dcd8294c9 100644
> --- a/include/uapi/linux/pkt_cls.h
> +++ b/include/uapi/linux/pkt_cls.h
> @@ -589,6 +589,9 @@ enum {
>
> TCA_FLOWER_KEY_NUM_OF_VLANS, /* u8 */
>
> + TCA_FLOWER_KEY_PPPOE_SID, /* u16 */
> + TCA_FLOWER_KEY_PPP_PROTO, /* be16 */
> +
> __TCA_FLOWER_MAX,
> };
>
> diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
> index 523935242ccf..5e486ea31d37 100644
> --- a/man/man8/tc-flower.8
> +++ b/man/man8/tc-flower.8
> @@ -40,6 +40,10 @@ flower \- flow based traffic control filter
> .IR PRIORITY " | "
> .BR cvlan_ethtype " { " ipv4 " | " ipv6 " | "
> .IR ETH_TYPE " } | "
> +.B pppoe_sid
> +.IR PSID " | "
> +.BR ppp_proto " { " ip " | " ipv6 " | " mpls_uc " | " mpls_mc " | "
> +.IR PPP_PROTO " } | "
> .B mpls
> .IR LSE_LIST " | "
> .B mpls_label
> @@ -202,7 +206,18 @@ Match on QinQ layer three protocol.
> may be either
> .BR ipv4 ", " ipv6
> or an unsigned 16bit value in hexadecimal format.
> -
> +.TP
> +.BI pppoe_sid " PSID"
> +Match on PPPoE session id.
> +.I PSID
> +is an unsigned 16bit value in decimal format.
> +.TP
> +.BI ppp_proto " PPP_PROTO"
> +Match on PPP layer three protocol.
> +.I PPP_PROTO
> +may be either
> +.BR ip ", " ipv6 ", " mpls_uc ", " mpls_mc
> +or an unsigned 16bit value in hexadecimal format.
> .TP
> .BI mpls " LSE_LIST"
> Match on the MPLS label stack.
> diff --git a/tc/f_flower.c b/tc/f_flower.c
> index 622ec321f310..c95320328b20 100644
> --- a/tc/f_flower.c
> +++ b/tc/f_flower.c
> @@ -20,6 +20,7 @@
> #include <linux/ip.h>
> #include <linux/tc_act/tc_vlan.h>
> #include <linux/mpls.h>
> +#include <linux/ppp_defs.h>
>
> #include "utils.h"
> #include "tc_util.h"
> @@ -55,6 +56,8 @@ static void explain(void)
> " cvlan_id VID |\n"
> " cvlan_prio PRIORITY |\n"
> " cvlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
> + " pppoe_sid PSID |\n"
> + " ppp_proto [ ipv4 | ipv6 | mpls_uc | mpls_mc | PPP_PROTO ]"
> " dst_mac MASKED-LLADDR |\n"
> " src_mac MASKED-LLADDR |\n"
> " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
> @@ -1887,6 +1890,43 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
> fprintf(stderr, "Illegal \"arp_sha\"\n");
> return -1;
> }
> +
> + } else if (!strcmp(*argv, "pppoe_sid")) {
> + __be16 sid;
> +
> + NEXT_ARG();
> + if (eth_type != htons(ETH_P_PPP_SES)) {
> + fprintf(stderr,
> + "Can't set \"pppoe_sid\" if ethertype isn't PPPoE session\n");
> + return -1;
> + }
> + ret = get_be16(&sid, *argv, 10);
> + if (ret < 0 || sid == 0xffff) {
> + fprintf(stderr, "Illegal \"pppoe_sid\"\n");
I don't think it makes sense to reject sid == 0xffff.
One might want to early match and drop such invalid packets.
prev parent reply other threads:[~2022-07-28 10:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-28 8:44 [PATCH iproute-next v2 0/3] PPPoE support in tc-flower Wojciech Drewek
2022-07-28 8:44 ` [PATCH iproute-next v2 1/3] lib: refactor ll_proto functions Wojciech Drewek
2022-07-28 8:44 ` [PATCH iproute-next v2 2/3] lib: Introduce ppp protocols Wojciech Drewek
2022-07-28 8:44 ` [PATCH iproute-next v2 3/3] f_flower: Introduce PPPoE support Wojciech Drewek
2022-07-28 10:47 ` Guillaume Nault [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220728104746.GC18015@pc-4.home \
--to=gnault@redhat.com \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=wojciech.drewek@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.