From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jamal Hadi Salim Subject: Re: [Patch net] net_sched: refetch skb protocol for each filter Date: Sat, 12 Jan 2019 10:41:24 -0500 Message-ID: <2c84f3cc-b1ad-5316-4813-e7e433bf9f5e@mojatatu.com> References: <20190112025542.397-1-xiyou.wangcong@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Martin Olsson , Jiri Pirko , Lucas Bates To: Cong Wang , netdev@vger.kernel.org Return-path: Received: from mail-it1-f175.google.com ([209.85.166.175]:40795 "EHLO mail-it1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725842AbfALPl2 (ORCPT ); Sat, 12 Jan 2019 10:41:28 -0500 Received: by mail-it1-f175.google.com with SMTP id h193so6817253ita.5 for ; Sat, 12 Jan 2019 07:41:28 -0800 (PST) In-Reply-To: Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 2019-01-12 7:23 a.m., Jamal Hadi Salim wrote: > Do we have a test case for a setup like this in tdc? > i.e incoming tagged and then vlan popped by action? > Otherwise a test with IFE which resets the ethertype > would be sufficient i.e just something that will messup > with skb->protocol. And here is a slightly complex test with IFE. Wanted to show both reclassify and continue in play as well as something that change skb->protocol. I used VMs to test, but two hosts or two containers with veth between them will do. Martin, if you have the cycles please test this out. TLDR: Suspect is the vlan part. ----------- #Sender side egress setup. We are going to encode #all outgoing pings(icmp) to carry an skbmark 17 on the wire #and set the ethertype to 0xDEAD sudo $TC qdisc del dev $ETH root sudo $TC qdisc add dev $ETH root handle 1: prio sudo $TC filter add dev $ETH parent 1: protocol ip prio 10 u32 \ match ip protocol 1 0xff \ flowid 1:2 \ action skbedit mark 17 \ action ife encode type 0xDEAD allow mark #receiver side ingress setup sudo $TC qdisc del dev $ETH ingress sudo $TC qdisc add dev $ETH ingress #decapsulate based on skb proto and then #reclassify sudo $TC filter add dev $ETH parent ffff: prio 2 protocol 0xdead u32 \ match u32 0 0 flowid 1:1 action ife decode reclassify #match icmp sudo $TC filter add dev $ETH parent ffff: prio 4 protocol ip u32 \ match ip protocol 1 0xff flowid 1:1 action continue # #now classify based on mark 17 (hex 11). # sudo $TC filter add dev $ETH parent ffff: prio 5 protocol ip \ handle 0x11 fw flowid 1:1 \ action ok On sender side, send 10 pings to receiver. Now lets see the receiver stats: --------------- root@jhs-foobar:# uname -a Linux jhs-foobar 4.20.0-rc7+ #2 SMP Fri Jan 12 9:29:35 EST 2019 x86_64 x86_64 x86_64 GNU/Linux root@jhs-foobar:# $TC -s filter ls dev $ETH parent ffff: filter protocol [57005] pref 2 u32 filter protocol [57005] pref 2 u32 fh 800: ht divisor 1 filter protocol [57005] pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 (rule hit 10 success 10) match 00000000/00000000 at 0 (success 10 ) action order 1: ife decode action reclassify type 0x0 allow mark allow prio index 1 ref 1 bind 1 installed 40 sec used 19 sec Action statistics: Sent 1080 bytes 10 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 filter protocol ip pref 4 u32 filter protocol ip pref 4 u32 fh 801: ht divisor 1 filter protocol ip pref 4 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:1 (rule hit 33 success 10) match 00010000/00ff0000 at 8 (success 10 ) action order 1: gact action continue random type none pass val 0 index 1 ref 1 bind 1 installed 40 sec used 19 sec Action statistics: Sent 1080 bytes 10 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 filter protocol ip pref 5 fw filter protocol ip pref 5 fw handle 0x11 classid 1:1 action order 1: gact action pass random type none pass val 0 index 2 ref 1 bind 1 installed 39 sec used 19 sec Action statistics: Sent 1080 bytes 10 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 --------------- As can be observed all the rules are hit as expected. cheers, jamal