[RFC PATCH iproute2-next 0/2] Add pcp-prio and new APPTRUST subcommand

[RFC PATCH iproute2-next 0/2] Add pcp-prio and new APPTRUST subcommand

[Daniel Machon]

This patch series implements the interfaces of the kernel side patch series:

https://lore.kernel.org/netdev/20220908120442.3069771-1-daniel.machon@microchip.com/#t

This is posted RFC as the kernel side is not ready to be merged yet.

- New pcp-prio parameter has been added to existing app subcommand.
- New apptrust subcommand with parameter trust-order has been added.

Patch #1 Introduces a new pcp-prio parameter to the app subcommand. This new
parameter uses the array parameter to map a pcp and dei value to priority.
The key is the PCP and DEI value in numerical and symbolic form, respectively.
Also dcb-app.8 man page has been extended to describe the new parameter.

Example:

Map PCP 1 and DEI 0 to priority 1
$ dcb app add dev eth0 pcp-prio 1:1

Map PCP 1 and DEI 1 to priority 1
$ dcb app add dev eth0 pcp-prio 1de:1

Patch #2 Introduces a new apptrust subcommand. This new subcommand has currently
one parameter: trust-order. It lets you specify a list of trusted selectors, in
order of precendence. Also a new dcb-apptrust.8 man page has been added, to
describe the ned subcommand and its parameter.

Example:

Trust selectors dscp and pcp, in that order:
$ dcb apptrust set dev eth0 dscp pcp

Trust selectors ethertype, stream and pcp, in that order
$ dcb apptrust set dev eth0 eth stream pcp

Show the trust order
$ dcb apptrust show dev eth0
trust-order: eth stream pcp

Both patches makes changes to the uapi dcbnl.h kernel header. Changes to kernel
headers is probably not dealt with this way?

Daniel Machon (2):
  dcb: add new pcp-prio parameter to dcb app
  dcb: add new subcommand for apptrust object

 dcb/Makefile               |   3 +-
 dcb/dcb.c                  |   4 +-
 dcb/dcb.h                  |   4 +
 dcb/dcb_app.c              |  70 ++++++++++++
 dcb/dcb_apptrust.c         | 216 +++++++++++++++++++++++++++++++++++++
 include/uapi/linux/dcbnl.h |  15 +++
 man/man8/dcb-app.8         |  25 +++++
 man/man8/dcb-apptrust.8    | 122 +++++++++++++++++++++
 8 files changed, 457 insertions(+), 2 deletions(-)
 create mode 100644 dcb/dcb_apptrust.c
 create mode 100644 man/man8/dcb-apptrust.8

-- 
2.34.1

[RFC PATCH iproute2-next 1/2] dcb: add new pcp-prio parameter to dcb app

[Daniel Machon]

Add new pcp-prio parameter to the app subcommand, to classify
traffic based on PCP and DEI.

The pcp-prio parameter makes use of the PCP selector to encode PCP and
DEI values in the protocol field of the app struct. Pcp-prio uses a
key:value mapping, where the key is a combination of numerical and
symbolic form. For example:

Map PCP 1 and DEI 0 to priority 1
$ dcb app add dev eth0 pcp-prio 1:1

Map PCP 1 and DEI 1 to priority 1
$ dcb app add dev eth0 pcp-prio 1de:1

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
---
 dcb/dcb_app.c              | 70 ++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/dcbnl.h |  1 +
 man/man8/dcb-app.8         | 25 ++++++++++++++
 3 files changed, 96 insertions(+)

diff --git a/dcb/dcb_app.c b/dcb/dcb_app.c
index dad34554..74195285 100644
--- a/dcb/dcb_app.c
+++ b/dcb/dcb_app.c
@@ -10,6 +10,11 @@
 #include "utils.h"
 #include "rt_names.h"
 
+static const char *const pcp_names[16] = {
+	"0",   "1",   "2",   "3",   "4",   "5",   "6",   "7",
+	"0de", "1de", "2de", "3de", "4de", "5de", "6de", "7de"
+};
+
 static void dcb_app_help_add(void)
 {
 	fprintf(stderr,
@@ -20,11 +25,13 @@ static void dcb_app_help_add(void)
 		"           [ dgram-port-prio PORT:PRIO ]\n"
 		"           [ port-prio PORT:PRIO ]\n"
 		"           [ dscp-prio INTEGER:PRIO ]\n"
+		"           [ pcp-prio INTEGER:PRIO ]\n"
 		"\n"
 		" where PRIO := { 0 .. 7 }\n"
 		"       ET := { 0x600 .. 0xffff }\n"
 		"       PORT := { 1 .. 65535 }\n"
 		"       DSCP := { 0 .. 63 }\n"
+		"       PCP := { 0(de) .. 7(de) }\n"
 		"\n"
 	);
 }
@@ -39,6 +46,7 @@ static void dcb_app_help_show_flush(void)
 		"           [ dgram-port-prio ]\n"
 		"           [ port-prio ]\n"
 		"           [ dscp-prio ]\n"
+		"           [ pcp-prio ]\n"
 		"\n"
 	);
 }
@@ -213,6 +221,32 @@ static int dcb_app_parse_mapping_ethtype_prio(__u32 key, char *value, void *data
 				 dcb_app_parse_mapping_cb, data);
 }
 
+static int dcb_app_parse_pcp(__u32 *key, const char *arg)
+{
+	int ret, res;
+
+	res = parse_one_of("pcp-names", arg, pcp_names,
+			   ARRAY_SIZE(pcp_names), &ret);
+	if (ret < 0)
+		return ret;
+
+	*key = res;
+
+	return 0;
+}
+
+static int dcb_app_parse_mapping_pcp_prio(__u32 key, char *value, void *data)
+{
+	__u8 prio;
+
+	if (get_u8(&prio, value, 0))
+		return -EINVAL;
+
+	return dcb_parse_mapping("PCP", key, 15,
+				 "PRIO", prio, IEEE_8021QAZ_MAX_TCS - 1,
+				 dcb_app_parse_mapping_cb, data);
+}
+
 static int dcb_app_parse_dscp(__u32 *key, const char *arg)
 {
 	if (parse_mapping_num_all(key, arg) == 0)
@@ -309,6 +343,11 @@ static bool dcb_app_is_dscp(const struct dcb_app *app)
 	return app->selector == IEEE_8021QAZ_APP_SEL_DSCP;
 }
 
+static bool dcb_app_is_pcp(const struct dcb_app *app)
+{
+	return app->selector == IEEE_8021QAZ_APP_SEL_PCP;
+}
+
 static bool dcb_app_is_stream_port(const struct dcb_app *app)
 {
 	return app->selector == IEEE_8021QAZ_APP_SEL_STREAM;
@@ -344,6 +383,14 @@ static int dcb_app_print_key_dscp(__u16 protocol)
 	return print_uint(PRINT_ANY, NULL, "%d:", protocol);
 }
 
+static int dcb_app_print_key_pcp(__u16 protocol)
+{
+	if (protocol > 15)
+		return -1;
+
+	return print_string(PRINT_ANY, NULL, "%s:", pcp_names[protocol]);
+}
+
 static void dcb_app_print_filtered(const struct dcb_app_table *tab,
 				   bool (*filter)(const struct dcb_app *),
 				   int (*print_key)(__u16 protocol),
@@ -382,6 +429,15 @@ static void dcb_app_print_ethtype_prio(const struct dcb_app_table *tab)
 			       "ethtype_prio", "ethtype-prio");
 }
 
+static void dcb_app_print_pcp_prio(const struct dcb *dcb,
+				   const struct dcb_app_table *tab)
+{
+	dcb_app_print_filtered(tab, dcb_app_is_pcp,
+			       dcb->numeric ? dcb_app_print_key_dec
+					    : dcb_app_print_key_pcp,
+			       "pcp_prio", "pcp-prio");
+}
+
 static void dcb_app_print_dscp_prio(const struct dcb *dcb,
 				    const struct dcb_app_table *tab)
 {
@@ -439,6 +495,7 @@ static void dcb_app_print(const struct dcb *dcb, const struct dcb_app_table *tab
 	dcb_app_print_stream_port_prio(tab);
 	dcb_app_print_dgram_port_prio(tab);
 	dcb_app_print_port_prio(tab);
+	dcb_app_print_pcp_prio(dcb, tab);
 }
 
 static int dcb_app_get_table_attr_cb(const struct nlattr *attr, void *data)
@@ -577,6 +634,12 @@ static int dcb_cmd_app_parse_add_del(struct dcb *dcb, const char *dev,
 			ret = parse_mapping(&argc, &argv, false,
 					    &dcb_app_parse_mapping_port_prio,
 					    &pm);
+		} else if (matches(*argv, "pcp-prio") == 0) {
+			NEXT_ARG();
+			pm.selector = IEEE_8021QAZ_APP_SEL_PCP;
+			ret = parse_mapping_gen(&argc, &argv, &dcb_app_parse_pcp,
+						&dcb_app_parse_mapping_pcp_prio,
+						&pm);
 		} else {
 			fprintf(stderr, "What is \"%s\"?\n", *argv);
 			dcb_app_help_add();
@@ -656,6 +719,8 @@ static int dcb_cmd_app_show(struct dcb *dcb, const char *dev, int argc, char **a
 			dcb_app_print_port_prio(&tab);
 		} else if (matches(*argv, "default-prio") == 0) {
 			dcb_app_print_default_prio(&tab);
+		} else if (matches(*argv, "pcp-prio") == 0) {
+			dcb_app_print_pcp_prio(dcb, &tab);
 		} else {
 			fprintf(stderr, "What is \"%s\"?\n", *argv);
 			dcb_app_help_show_flush();
@@ -705,6 +770,11 @@ static int dcb_cmd_app_flush(struct dcb *dcb, const char *dev, int argc, char **
 					      &dcb_app_is_dscp);
 			if (ret != 0)
 				goto out;
+		} else if (matches(*argv, "pcp-prio") == 0) {
+			ret = dcb_app_add_del(dcb, dev, DCB_CMD_IEEE_DEL, &tab,
+					      &dcb_app_is_pcp);
+			if (ret != 0)
+				goto out;
 		} else {
 			fprintf(stderr, "What is \"%s\"?\n", *argv);
 			dcb_app_help_show_flush();
diff --git a/include/uapi/linux/dcbnl.h b/include/uapi/linux/dcbnl.h
index a791a940..8eab16e5 100644
--- a/include/uapi/linux/dcbnl.h
+++ b/include/uapi/linux/dcbnl.h
@@ -217,6 +217,7 @@ struct cee_pfc {
 #define IEEE_8021QAZ_APP_SEL_DGRAM	3
 #define IEEE_8021QAZ_APP_SEL_ANY	4
 #define IEEE_8021QAZ_APP_SEL_DSCP       5
+#define IEEE_8021QAZ_APP_SEL_PCP	255
 
 /* This structure contains the IEEE 802.1Qaz APP managed object. This
  * object is also used for the CEE std as well.
diff --git a/man/man8/dcb-app.8 b/man/man8/dcb-app.8
index 9780fe4b..1b3bc307 100644
--- a/man/man8/dcb-app.8
+++ b/man/man8/dcb-app.8
@@ -23,6 +23,7 @@ the DCB (Data Center Bridging) subsystem
 .RB "[ " dgram-port-prio " ]"
 .RB "[ " port-prio " ]"
 .RB "[ " dscp-prio " ]"
+.RB "[ " pcp-prio " ]"
 
 .ti -8
 .B dcb ets " { " add " | " del " | " replace " } " dev
@@ -33,6 +34,7 @@ the DCB (Data Center Bridging) subsystem
 .RB "[ " dgram-port-prio " " \fIPORT-MAP\fB " ]"
 .RB "[ " port-prio " " \fIPORT-MAP\fB " ]"
 .RB "[ " dscp-prio " " \fIDSCP-MAP\fB " ]"
+.RB "[ " pcp-prio " " \fIPCP-MAP\fB " ]"
 
 .ti -8
 .IR PRIO-LIST " := [ " PRIO-LIST " ] " PRIO
@@ -64,6 +66,9 @@ the DCB (Data Center Bridging) subsystem
 .ti -8
 .IR DSCP " := { " \fB0\fR " .. " \fB63\fR " }"
 
+.ti -8
+.IR PCP " := { " \fB0\fR " .. " \fB7\fR " }"
+
 .ti -8
 .IR PRIO " := { " \fB0\fR " .. " \fB7\fR " }"
 
@@ -182,6 +187,16 @@ command line option
 .B -N
 turns the show translation off.
 
+.TP
+.B pcp-prio \fIPCP-MAP
+\fIPCP-MAP\fR uses the array parameter syntax, see
+.BR dcb (8)
+for details. Keys are PCP/DEI values. Values are priorities assigned to traffic
+with matching PCP and DEI. PCP/DEI values are written as a combination of numeric- and
+symbolic values, to accommodate for both PCP and DEI. PCP always in numerical form e.g
+1 .. 7 and DEI in symbolic form e.g 'de' indicating that the DEI bit is 1.
+In combination 2de:1 translates to a mapping of PCP 2 and DEI 1 to priority 1.
+
 .SH EXAMPLE & USAGE
 
 Prioritize traffic with DSCP 0 to priority 0, 24 to 3 and 48 to 6:
@@ -221,6 +236,16 @@ Flush all DSCP rules:
 .br
 (nothing)
 
+Add a rule to prioritize traffic with PCP 1 and DEI 0 to priority 1 and PCP 2
+and DEI 1 to priority 2:
+
+.P
+# dcb app add dev eth0 pcp-prio 1:1 2de:2
+.br
+# dcb app show dev eth0 pcp-prio
+.br
+pcp-prio 1:1 2de:2
+
 .SH EXIT STATUS
 Exit status is 0 if command was successful or a positive integer upon failure.
 
-- 
2.34.1

[RFC PATCH iproute2-next 2/2] dcb: add new subcommand for apptrust object

[Daniel Machon]

Add new apptrust subcommand for the apptrust extension object.

The apptrust command lets you specify a consecutive trust order of app
selectors, which can be used by drivers to determine if DSCP, PCP
or any other standard selector is trusted, and in which order.

Signed-off-by: Daniel Machon <daniel.machon@microchip.com>
---
 dcb/Makefile               |   3 +-
 dcb/dcb.c                  |   4 +-
 dcb/dcb.h                  |   4 +
 dcb/dcb_apptrust.c         | 216 +++++++++++++++++++++++++++++++++++++
 include/uapi/linux/dcbnl.h |  14 +++
 man/man8/dcb-apptrust.8    | 122 +++++++++++++++++++++
 6 files changed, 361 insertions(+), 2 deletions(-)
 create mode 100644 dcb/dcb_apptrust.c
 create mode 100644 man/man8/dcb-apptrust.8

diff --git a/dcb/Makefile b/dcb/Makefile
index ca65d467..dd41a559 100644
--- a/dcb/Makefile
+++ b/dcb/Makefile
@@ -7,7 +7,8 @@ DCBOBJ = dcb.o \
          dcb_dcbx.o \
          dcb_ets.o \
          dcb_maxrate.o \
-         dcb_pfc.o
+         dcb_pfc.o \
+         dcb_apptrust.o
 TARGETS += dcb
 LDLIBS += -lm
 
diff --git a/dcb/dcb.c b/dcb/dcb.c
index 8d75ab0a..35acb237 100644
--- a/dcb/dcb.c
+++ b/dcb/dcb.c
@@ -469,7 +469,7 @@ static void dcb_help(void)
 	fprintf(stderr,
 		"Usage: dcb [ OPTIONS ] OBJECT { COMMAND | help }\n"
 		"       dcb [ -f | --force ] { -b | --batch } filename [ -n | --netns ] netnsname\n"
-		"where  OBJECT := { app | buffer | dcbx | ets | maxrate | pfc }\n"
+		"where  OBJECT := { app | apptrust | buffer | dcbx | ets | maxrate | pfc }\n"
 		"       OPTIONS := [ -V | --Version | -i | --iec | -j | --json\n"
 		"                  | -N | --Numeric | -p | --pretty\n"
 		"                  | -s | --statistics | -v | --verbose]\n");
@@ -482,6 +482,8 @@ static int dcb_cmd(struct dcb *dcb, int argc, char **argv)
 		return 0;
 	} else if (matches(*argv, "app") == 0) {
 		return dcb_cmd_app(dcb, argc - 1, argv + 1);
+	} else if (matches(*argv, "apptrust") == 0) {
+		return dcb_cmd_apptrust(dcb, argc - 1, argv + 1);
 	} else if (matches(*argv, "buffer") == 0) {
 		return dcb_cmd_buffer(dcb, argc - 1, argv + 1);
 	} else if (matches(*argv, "dcbx") == 0) {
diff --git a/dcb/dcb.h b/dcb/dcb.h
index 244c3d3c..e800b0f4 100644
--- a/dcb/dcb.h
+++ b/dcb/dcb.h
@@ -58,6 +58,10 @@ void dcb_print_array_kw(const __u8 *array, size_t array_size,
 
 int dcb_cmd_app(struct dcb *dcb, int argc, char **argv);
 
+/* dcb_apptrust.c */
+
+int dcb_cmd_apptrust(struct dcb *dcb, int argc, char **argv);
+
 /* dcb_buffer.c */
 
 int dcb_cmd_buffer(struct dcb *dcb, int argc, char **argv);
diff --git a/dcb/dcb_apptrust.c b/dcb/dcb_apptrust.c
new file mode 100644
index 00000000..0fe6cd76
--- /dev/null
+++ b/dcb/dcb_apptrust.c
@@ -0,0 +1,216 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+#include <errno.h>
+#include <linux/dcbnl.h>
+
+#include "dcb.h"
+#include "utils.h"
+
+static void dcb_apptrust_help_set(void)
+{
+	fprintf(stderr,
+		"Usage: dcb apptrust set dev STRING\n"
+		"	[ trust-order [ eth | stream | dgram | any | dscp | pcp ] ]\n"
+		"\n");
+}
+
+static void dcb_apptrust_help_show(void)
+{
+	fprintf(stderr, "Usage: dcb [ -i ] apptrust show dev STRING\n"
+			"           [ trust-order ]\n"
+			"\n");
+}
+
+static void dcb_apptrust_help(void)
+{
+	fprintf(stderr, "Usage: dcb apptrust help\n"
+			"\n");
+	dcb_apptrust_help_show();
+	dcb_apptrust_help_set();
+}
+
+static const char *const selector_names[] = {
+	[IEEE_8021QAZ_APP_SEL_ETHERTYPE] = "eth",
+	[IEEE_8021QAZ_APP_SEL_STREAM]    = "stream",
+	[IEEE_8021QAZ_APP_SEL_DGRAM]     = "dgram",
+	[IEEE_8021QAZ_APP_SEL_ANY]       = "any",
+	[IEEE_8021QAZ_APP_SEL_DSCP]      = "dscp",
+	[IEEE_8021QAZ_APP_SEL_PCP]       = "pcp",
+};
+
+static void dcb_apptrust_print(const struct ieee_apptrust *trust)
+{
+	const char *str;
+	__u8 sel;
+	int i;
+
+	open_json_array(PRINT_JSON, "trust_order");
+	print_string(PRINT_FP, NULL, "trust-order: ", NULL);
+
+	for (i = 0; i < trust->num; i++) {
+		sel = trust->order[i];
+		str = selector_names[sel];
+		print_string(PRINT_ANY, NULL, "%s ", str);
+	}
+	print_nl();
+
+	close_json_array(PRINT_JSON, "trust_order");
+}
+
+static int dcb_apptrust_get(struct dcb *dcb, const char *dev,
+			    struct ieee_apptrust *trust)
+{
+	return dcb_get_attribute(dcb, dev, DCB_ATTR_IEEE_APP_TRUST, trust,
+				 sizeof(*trust));
+}
+
+static int dcb_apptrust_set(struct dcb *dcb, const char *dev,
+			    const struct ieee_apptrust *trust)
+{
+	return dcb_set_attribute(dcb, dev, DCB_ATTR_IEEE_APP_TRUST, trust,
+				 sizeof(*trust));
+}
+
+static bool dcb_apptrust_contains(const struct ieee_apptrust *trust, __u8 sel)
+{
+	int i;
+
+	for (i = 0; i < trust->num; i++)
+		if (trust->order[i] == sel)
+			return true;
+
+	return false;
+}
+
+static int dcb_apptrust_parse_selector_list(int *argcp, char ***argvp,
+					    struct ieee_apptrust *trust)
+{
+	char **argv = *argvp;
+	int argc = *argcp;
+	__u8 sel;
+	int ret;
+
+	NEXT_ARG_FWD();
+
+	/* No trusted selectors ? */
+	if (argc == 0)
+		goto out;
+
+	while (argc > 0) {
+		sel = parse_one_of("trust-order", *argv, selector_names,
+				   ARRAY_SIZE(selector_names), &ret);
+		if (ret < 0)
+			return -EINVAL;
+
+		if (trust->num > IEEE_8021QAZ_APP_SEL_MAX)
+			return -ERANGE;
+
+		if (dcb_apptrust_contains(trust, sel)) {
+			fprintf(stderr, "Duplicate selector: %s\n",
+				selector_names[sel]);
+			return -EINVAL;
+		}
+
+		trust->order[trust->num++] = sel;
+
+		NEXT_ARG_FWD();
+	}
+
+out:
+	*argcp = argc;
+	*argvp = argv;
+
+	return 0;
+}
+
+static int dcb_cmd_apptrust_set(struct dcb *dcb, const char *dev, int argc,
+				char **argv)
+{
+	struct ieee_apptrust trust = {0};
+	int ret;
+
+	if (!argc) {
+		dcb_apptrust_help_set();
+		return 0;
+	}
+
+	do {
+		if (matches(*argv, "help") == 0) {
+			dcb_apptrust_help_set();
+			return 0;
+		} else if (matches(*argv, "trust-order") == 0) {
+			ret = dcb_apptrust_parse_selector_list(&argc, &argv,
+							       &trust);
+			if (ret < 0) {
+				fprintf(stderr, "Invalid list of selectors\n");
+				return -EINVAL;
+			}
+			continue;
+		} else {
+			fprintf(stderr, "What is \"%s\"?\n", *argv);
+			dcb_apptrust_help_set();
+			return -EINVAL;
+		}
+
+		NEXT_ARG_FWD();
+	} while (argc > 0);
+
+	return dcb_apptrust_set(dcb, dev, &trust);
+}
+
+static int dcb_cmd_apptrust_show(struct dcb *dcb, const char *dev, int argc,
+				 char **argv)
+{
+	struct ieee_apptrust trust = {0};
+	int ret;
+
+	ret = dcb_apptrust_get(dcb, dev, &trust);
+	if (ret)
+		return ret;
+
+	open_json_object(NULL);
+
+	if (!argc) {
+		dcb_apptrust_help();
+		goto out;
+	}
+
+	do {
+		if (matches(*argv, "help") == 0) {
+			dcb_apptrust_help_show();
+			return 0;
+		} else if (matches(*argv, "trust-order") == 0) {
+			dcb_apptrust_print(&trust);
+		} else {
+			fprintf(stderr, "What is \"%s\"?\n", *argv);
+			dcb_apptrust_help_show();
+			return -EINVAL;
+		}
+
+		NEXT_ARG_FWD();
+	} while (argc > 0);
+
+out:
+	close_json_object();
+	return 0;
+}
+
+int dcb_cmd_apptrust(struct dcb *dcb, int argc, char **argv)
+{
+	if (!argc || matches(*argv, "help") == 0) {
+		dcb_apptrust_help();
+		return 0;
+	} else if (matches(*argv, "show") == 0) {
+		NEXT_ARG_FWD();
+		return dcb_cmd_parse_dev(dcb, argc, argv, dcb_cmd_apptrust_show,
+					 dcb_apptrust_help_show);
+	} else if (matches(*argv, "set") == 0) {
+		NEXT_ARG_FWD();
+		return dcb_cmd_parse_dev(dcb, argc, argv, dcb_cmd_apptrust_set,
+					 dcb_apptrust_help_set);
+	} else {
+		fprintf(stderr, "What is \"%s\"?\n", *argv);
+		dcb_apptrust_help();
+		return -EINVAL;
+	}
+}
diff --git a/include/uapi/linux/dcbnl.h b/include/uapi/linux/dcbnl.h
index 8eab16e5..833466de 100644
--- a/include/uapi/linux/dcbnl.h
+++ b/include/uapi/linux/dcbnl.h
@@ -248,6 +248,19 @@ struct dcb_app {
 	__u16	protocol;
 };
 
+#define IEEE_8021QAZ_APP_SEL_MAX 255
+
+/* This structure contains trust order extension to the IEEE 802.1Qaz APP
+ * managed object.
+ *
+ * @order: contains trust ordering of selector values for the IEEE 802.1Qaz
+ *               APP managed object. Lower indexes has higher trust.
+ */
+struct ieee_apptrust {
+	__u8 num;
+	__u8 order[IEEE_8021QAZ_APP_SEL_MAX];
+};
+
 /**
  * struct dcb_peer_app_info - APP feature information sent by the peer
  *
@@ -419,6 +432,7 @@ enum ieee_attrs {
 	DCB_ATTR_IEEE_QCN,
 	DCB_ATTR_IEEE_QCN_STATS,
 	DCB_ATTR_DCB_BUFFER,
+	DCB_ATTR_IEEE_APP_TRUST,
 	__DCB_ATTR_IEEE_MAX
 };
 #define DCB_ATTR_IEEE_MAX (__DCB_ATTR_IEEE_MAX - 1)
diff --git a/man/man8/dcb-apptrust.8 b/man/man8/dcb-apptrust.8
new file mode 100644
index 00000000..b0d9a571
--- /dev/null
+++ b/man/man8/dcb-apptrust.8
@@ -0,0 +1,122 @@
+.TH DCB-APPTRUST 8 "5 September 2022" "iproute2" "Linux"
+.SH NAME
+dcb-apptrust \- show / manipulate the trust and trust order of the application
+priority table of the DCB (Data Center Bridging) subsystem
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+
+.ti -8
+.B dcb
+.RI "[ " OPTIONS " ] "
+.B apptrust
+.RI "{ " COMMAND " | " help " }"
+.sp
+
+.ti -8
+.B dcb apptrust show dev
+.RI DEV
+
+.ti -8
+.B dcb apptrust set dev
+.RI DEV
+.RB "[ " eth " ]"
+.RB "[ " stream " ]"
+.RB "[ " dgram " ]"
+.RB "[ " any " ]"
+.RB "[ " dscp " ]"
+.RB "[ " pcp " ]"
+
+.SH DESCRIPTION
+
+.B dcb apptrust
+is used to configure and inspect the trust and trust order of the Application
+Priority Table, see
+.BR dcb-app (8)
+for details on how to configure app table entries.
+
+.SH COMMANDS
+
+.TP
+.B show
+Display all trusted selectors
+
+.TP
+.B set
+Set new list of trusted selectors. Empty list is effectively the same as
+removing trust entirely.
+
+.SH PARAMETERS
+
+The following describes only the write direction, i.e. as used with the
+\fBset\fR command. For the \fBshow\fR command, the parameter name is to be used
+as a simple keyword without further arguments. This instructs the tool to show
+the values of a given parameter.
+
+.TP
+.B trust-order \fISELECTOR-NAMES
+\fISELECTOR-NAMES\fR is a space-seperated list selector names:\fR
+
+.TP
+.TQ
+.B eth
+Trust EtherType
+
+.TP
+.TQ
+.B stream
+Trust TCP, or Stream Control Transmission Protocol (SCTP).
+
+.TP
+.TQ
+.B dgram
+Trust UDP, or Datagram Congestion Control Protocol (DCCP).
+
+.TP
+.TQ
+.B any
+Trust TCP, SCTP, UDP, or DCCP.
+
+.TP
+.TQ
+.B dscp
+Trust Differentiated Services Code Point (DSCP) values.
+
+.TP
+.TQ
+.B pcp
+Trust Priority Code Point/Drop Eligible Indicator (PCP/DEI).
+
+
+.SH EXAMPLE & USAGE
+
+Set trust order to: dscp, pcp for eth0:
+.P
+# dcb apptrust set dev eth0 trust-order dscp pcp
+
+Set trust order to: any (stream or dgram), pcp, eth for eth1:
+.P
+# dcb apptrust set dev eth1 trust-order any pcp eth
+
+Show what was set:
+
+.P
+# dcb apptrust show dev eth0
+.br
+trust-order: any pcp eth
+
+.SH EXIT STATUS
+Exit status is 0 if command was successful or a positive integer upon failure.
+
+.SH SEE ALSO
+.BR dcb (8)
+
+.SH REPORTING BUGS
+Report any bugs to the Network Developers mailing list
+.B <netdev@vger.kernel.org>
+where the development and maintenance is primarily done.
+You do not have to be subscribed to the list to send a message there.
+
+.SH AUTHOR
+Daniel Machon <daniel.machon@microchip.com>
-- 
2.34.1

Re: [RFC PATCH iproute2-next 2/2] dcb: add new subcommand for apptrust object

[Stephen Hemminger]

On Fri, 9 Sep 2022 12:37:01 +0200
Daniel Machon <daniel.machon@microchip.com> wrote:

>  	} else if (matches(*argv, "app") == 0) {
>  		return dcb_cmd_app(dcb, argc - 1, argv + 1);
> +	} else if (matches(*argv, "apptrust") == 0) {
> +		return dcb_cmd_apptrust(dcb, argc - 1, argv + 1);
>  	} else if (matches(*argv, "buffer") == 0) {

Yet another example of why matches() is bad.

Perhaps this should be named trust instead of apptrust.

Re: [RFC PATCH iproute2-next 2/2] dcb: add new subcommand for apptrust object

[Daniel.Machon]

Den Fri, Sep 09, 2022 at 08:06:31AM -0700 skrev Stephen Hemminger:
> [You don't often get email from stephen@networkplumber.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> 
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> 
> On Fri, 9 Sep 2022 12:37:01 +0200
> Daniel Machon <daniel.machon@microchip.com> wrote:
> 
> >       } else if (matches(*argv, "app") == 0) {
> >               return dcb_cmd_app(dcb, argc - 1, argv + 1);
> > +     } else if (matches(*argv, "apptrust") == 0) {
> > +             return dcb_cmd_apptrust(dcb, argc - 1, argv + 1);
> >       } else if (matches(*argv, "buffer") == 0) {
> 
> Yet another example of why matches() is bad.
> 
> Perhaps this should be named trust instead of apptrust.

Hah, that slipped my mind.

Obviously this wont do. Will have to come up with some different naming 
in an eventual non-RFC patch.

Re: [RFC PATCH iproute2-next 2/2] dcb: add new subcommand for apptrust object

[Petr Machata]

<Daniel.Machon@microchip.com> writes:

> Den Fri, Sep 09, 2022 at 08:06:31AM -0700 skrev Stephen Hemminger:
>> [You don't often get email from stephen@networkplumber.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>> 
>> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>> 
>> On Fri, 9 Sep 2022 12:37:01 +0200
>> Daniel Machon <daniel.machon@microchip.com> wrote:
>> 
>> >       } else if (matches(*argv, "app") == 0) {
>> >               return dcb_cmd_app(dcb, argc - 1, argv + 1);
>> > +     } else if (matches(*argv, "apptrust") == 0) {
>> > +             return dcb_cmd_apptrust(dcb, argc - 1, argv + 1);
>> >       } else if (matches(*argv, "buffer") == 0) {
>> 
>> Yet another example of why matches() is bad.
>> 
>> Perhaps this should be named trust instead of apptrust.
>
> Hah, that slipped my mind.
>
> Obviously this wont do. Will have to come up with some different naming 
> in an eventual non-RFC patch.

Wait, this doesn't change anything, does it? "a", "ap" and "app"
previously referred to dcb_cmd_app, which they still do with the patch.
"appt" etc. were previously rejected, now refer to apptrust.

I've been known to miss issues in this area in the past, and for that
reason agree with the sentiment on matches(). But what problem does this
patch introduce?

And yeah, +1 for "trust".