* [PATCH iproute2-next] flower: add orig_ethtype key
@ 2021-08-30 8:08 Boris Sukholitko
0 siblings, 0 replies; only message in thread
From: Boris Sukholitko @ 2021-08-30 8:08 UTC (permalink / raw)
To: netdev; +Cc: Ilya Lifshits, Boris Sukholitko
[-- Attachment #1: Type: text/plain, Size: 2766 bytes --]
The following flower filter fails to match packets:
tc filter add dev eth0 ingress protocol 0x8864 flower \
action simple sdata hi64
The following is explanation of the issue on the kernel side.
The protocol 0x8864 (ETH_P_PPP_SES) is a tunnel protocol. As such, it is
being dissected by __skb_flow_dissect and it's internal protocol is
being set as key->basic.n_proto. IOW, the existence of ETH_P_PPP_SES
tunnel is transparent to the callers of __skb_flow_dissect.
OTOH, in the filters above, cls_flower configures its key->basic.n_proto
to the ETH_P_PPP_SES value configured by the user. Matching on this key
fails because of __skb_flow_dissect "transparency" mentioned above.
Therefore there is no way currently to match on such packets using
flower.
To fix the issue add new orig_ethtype key to the flower along with the
necessary changes to the flow dissector etc.
To filter the ETH_P_PPP_SES packets the command becomes:
tc filter add dev eth0 ingress flower orig_ethtype 0x8864 \
action simple sdata hi64
Corresponding kernel patch was sent separately.
Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
include/uapi/linux/pkt_cls.h | 1 +
tc/f_flower.c | 17 +++++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index 025c40fe..238dee49 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -583,6 +583,7 @@ enum {
TCA_FLOWER_KEY_HASH, /* u32 */
TCA_FLOWER_KEY_HASH_MASK, /* u32 */
+ TCA_FLOWER_KEY_ORIG_ETH_TYPE, /* be16 */
__TCA_FLOWER_MAX,
};
diff --git a/tc/f_flower.c b/tc/f_flower.c
index c5af0276..935d0cbd 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -1431,6 +1431,13 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
if (check_ifname(*argv))
invarg("\"indev\" not a valid ifname", *argv);
addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
+ } else if (matches(*argv, "orig_ethtype") == 0) {
+ __be16 orig_ethtype;
+
+ NEXT_ARG();
+ if (ll_proto_a2n(&orig_ethtype, *argv))
+ invarg("invalid orig_ethtype", *argv);
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ORIG_ETH_TYPE, orig_ethtype);
} else if (matches(*argv, "vlan_id") == 0) {
__u16 vid;
@@ -2582,6 +2589,16 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
rta_getattr_str(attr));
}
+ if (tb[TCA_FLOWER_KEY_ORIG_ETH_TYPE]) {
+ SPRINT_BUF(buf);
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_ORIG_ETH_TYPE];
+
+ print_nl();
+ print_string(PRINT_ANY, "orig_ethtype", " orig_ethtype %s",
+ ll_proto_n2a(rta_getattr_u16(attr),
+ buf, sizeof(buf)));
+ }
+
open_json_object("keys");
if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
--
2.29.2
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-30 8:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-30 8:08 [PATCH iproute2-next] flower: add orig_ethtype key Boris Sukholitko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.