[PATCH net-next v2 0/5] net/sched: flower: match on the number of vlan tags

[PATCH net-next v2 0/5] net/sched: flower: match on the number of vlan tags

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 1941 bytes --]

Hi,

Our customers in the fiber telecom world have network configurations
where they would like to control their traffic according to the number
of tags appearing in the packet.

For example, TR247 GPON conformance test suite specification mostly
talks about untagged, single, double tagged packets and gives lax
guidelines on the vlan protocol vs. number of vlan tags.

This is different from the common IT networks where 802.1Q and 802.1ad
protocols are usually describe single and double tagged packet. GPON
configurations that we work with have arbitrary mix the above protocols
and number of vlan tags in the packet.

The following patch series implement number of vlans flower filter. They
add num_of_vlans flower filter as an alternative to vlan ethtype protocol
matching. The end result is that the following command becomes possible:

tc filter add dev eth1 ingress flower \
  num_of_vlans 1 vlan_prio 5 action drop

More about the patch series:
  - patches 1-2 remove duplicate code by introducing is_key_vlan
    helper.
  - patch 3, 4 implement num_of_vlans in the dissector and in the
    flower.
  - patch 5 uses the num_of_vlans filter to allow further matching on
    vlan attributes.

Complementary iproute2 patches are being sent separately.

Thanks,
Boris.

- v2:
    - add suitable subject prefixes
    - more evolved patch 5 description

Boris Sukholitko (5):
  net/sched: flower: Helper function for vlan ethtype checks
  net/sched: flower: Reduce identation after is_key_vlan refactoring
  flow_dissector: Add number of vlan tags dissector
  net/sched: flower: Add number of vlan tags filter
  net/sched: flower: Consider the number of tags for vlan filters

 include/net/flow_dissector.h |  9 ++++
 include/uapi/linux/pkt_cls.h |  2 +
 net/core/flow_dissector.c    | 20 +++++++++
 net/sched/cls_flower.c       | 86 +++++++++++++++++++++++-------------
 4 files changed, 86 insertions(+), 31 deletions(-)

-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

[PATCH net-next v2 1/5] net/sched: flower: Helper function for vlan ethtype checks

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 2442 bytes --]

There are somewhat repetitive ethertype checks in fl_set_key. Refactor
them into is_vlan_key helper function.

To make the changes clearer, avoid touching identation levels. This is
the job for the next patch in the series.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 net/sched/cls_flower.c | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 87e030dfc328..9a9b7849e657 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1573,6 +1573,21 @@ static int fl_set_key_ct(struct nlattr **tb,
 	return 0;
 }
 
+static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
+			struct fl_flow_key *key, struct fl_flow_key *mask)
+{
+	if (!tb)
+		return false;
+
+	*ethertype = nla_get_be16(tb);
+	if (eth_type_vlan(*ethertype))
+		return true;
+
+	key->basic.n_proto = *ethertype;
+	mask->basic.n_proto = cpu_to_be16(~0);
+	return false;
+}
+
 static int fl_set_key(struct net *net, struct nlattr **tb,
 		      struct fl_flow_key *key, struct fl_flow_key *mask,
 		      struct netlink_ext_ack *extack)
@@ -1595,17 +1610,12 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 		       mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
 		       sizeof(key->eth.src));
 
-	if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
-		ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
-
-		if (eth_type_vlan(ethertype)) {
+	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
 			fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
 					TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
 					&mask->vlan);
 
-			if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
-				ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
-				if (eth_type_vlan(ethertype)) {
+			if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
 					fl_set_key_vlan(tb, ethertype,
 							TCA_FLOWER_KEY_CVLAN_ID,
 							TCA_FLOWER_KEY_CVLAN_PRIO,
@@ -1615,15 +1625,7 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 						       &mask->basic.n_proto,
 						       TCA_FLOWER_UNSPEC,
 						       sizeof(key->basic.n_proto));
-				} else {
-					key->basic.n_proto = ethertype;
-					mask->basic.n_proto = cpu_to_be16(~0);
-				}
 			}
-		} else {
-			key->basic.n_proto = ethertype;
-			mask->basic.n_proto = cpu_to_be16(~0);
-		}
 	}
 
 	if (key->basic.n_proto == htons(ETH_P_IP) ||
-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

[PATCH net-next v2 2/5] net/sched: flower: Reduce identation after is_key_vlan refactoring

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 1700 bytes --]

Whitespace only.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 net/sched/cls_flower.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 9a9b7849e657..8725aa1bb21e 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1611,21 +1611,21 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 		       sizeof(key->eth.src));
 
 	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
-			fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
-					TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
-					&mask->vlan);
-
-			if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
-					fl_set_key_vlan(tb, ethertype,
-							TCA_FLOWER_KEY_CVLAN_ID,
-							TCA_FLOWER_KEY_CVLAN_PRIO,
-							&key->cvlan, &mask->cvlan);
-					fl_set_key_val(tb, &key->basic.n_proto,
-						       TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
-						       &mask->basic.n_proto,
-						       TCA_FLOWER_UNSPEC,
-						       sizeof(key->basic.n_proto));
-			}
+		fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
+				TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
+				&mask->vlan);
+
+		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
+			fl_set_key_vlan(tb, ethertype,
+					TCA_FLOWER_KEY_CVLAN_ID,
+					TCA_FLOWER_KEY_CVLAN_PRIO,
+					&key->cvlan, &mask->cvlan);
+			fl_set_key_val(tb, &key->basic.n_proto,
+				       TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
+				       &mask->basic.n_proto,
+				       TCA_FLOWER_UNSPEC,
+				       sizeof(key->basic.n_proto));
+		}
 	}
 
 	if (key->basic.n_proto == htons(ETH_P_IP) ||
-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

[PATCH net-next v2 3/5] flow_dissector: Add number of vlan tags dissector

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 3126 bytes --]

Our customers in the fiber telecom world have network configurations
where they would like to control their traffic according to the number
of tags appearing in the packet.

For example, TR247 GPON conformance test suite specification mostly
talks about untagged, single, double tagged packets and gives lax
guidelines on the vlan protocol vs. number of vlan tags.

This is different from the common IT networks where 802.1Q and 802.1ad
protocols are usually describe single and double tagged packet. GPON
configurations that we work with have arbitrary mix the above protocols
and number of vlan tags in the packet.

This new dissector allows extracting the number of vlan tags existing in
the packet.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 include/net/flow_dissector.h |  9 +++++++++
 net/core/flow_dissector.c    | 20 ++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index aa33e1092e2c..10b83e03af01 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -251,6 +251,14 @@ struct flow_dissector_key_hash {
 	u32 hash;
 };
 
+/**
+ * struct flow_dissector_key_num_of_vlans:
+ * @num_of_vlans: num_of_vlans value
+ */
+struct flow_dissector_key_num_of_vlans {
+	u8 num_of_vlans;
+};
+
 enum flow_dissector_key_id {
 	FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
 	FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -280,6 +288,7 @@ enum flow_dissector_key_id {
 	FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
 	FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
 	FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
+	FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
 
 	FLOW_DISSECTOR_KEY_MAX,
 };
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 03b6e649c428..19015289c2eb 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1035,6 +1035,16 @@ bool __skb_flow_dissect(const struct net *net,
 		memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
 	}
 
+	if (dissector_uses_key(flow_dissector,
+			       FLOW_DISSECTOR_KEY_NUM_OF_VLANS)) {
+		struct flow_dissector_key_num_of_vlans *key_num_of_vlans;
+
+		key_num_of_vlans = skb_flow_dissector_target(flow_dissector,
+							     FLOW_DISSECTOR_KEY_NUM_OF_VLANS,
+							     target_container);
+		key_num_of_vlans->num_of_vlans = 0;
+	}
+
 proto_again:
 	fdret = FLOW_DISSECT_RET_CONTINUE;
 
@@ -1158,6 +1168,16 @@ bool __skb_flow_dissect(const struct net *net,
 			nhoff += sizeof(*vlan);
 		}
 
+		if (dissector_uses_key(flow_dissector,
+				       FLOW_DISSECTOR_KEY_NUM_OF_VLANS)) {
+			struct flow_dissector_key_num_of_vlans *key_nvs;
+
+			key_nvs = skb_flow_dissector_target(flow_dissector,
+							    FLOW_DISSECTOR_KEY_NUM_OF_VLANS,
+							    target_container);
+			key_nvs->num_of_vlans++;
+		}
+
 		if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX) {
 			dissector_vlan = FLOW_DISSECTOR_KEY_VLAN;
 		} else if (dissector_vlan == FLOW_DISSECTOR_KEY_VLAN) {
-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

[PATCH net-next v2 4/5] net/sched: flower: Add number of vlan tags filter

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 2697 bytes --]

These are bookkeeping parts of the new num_of_vlans filter.
Defines, dump, load and set are being done here.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 include/uapi/linux/pkt_cls.h |  2 ++
 net/sched/cls_flower.c       | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index 404f97fb239c..9a2ee1e39fad 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -587,6 +587,8 @@ enum {
 	TCA_FLOWER_KEY_HASH,		/* u32 */
 	TCA_FLOWER_KEY_HASH_MASK,	/* u32 */
 
+	TCA_FLOWER_KEY_NUM_OF_VLANS,    /* u8 */
+
 	__TCA_FLOWER_MAX,
 };
 
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 8725aa1bb21e..fafb74198c8d 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -72,6 +72,7 @@ struct fl_flow_key {
 	} tp_range;
 	struct flow_dissector_key_ct ct;
 	struct flow_dissector_key_hash hash;
+	struct flow_dissector_key_num_of_vlans num_of_vlans;
 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
 
 struct fl_flow_mask_range {
@@ -712,6 +713,7 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
 	[TCA_FLOWER_FLAGS]		= { .type = NLA_U32 },
 	[TCA_FLOWER_KEY_HASH]		= { .type = NLA_U32 },
 	[TCA_FLOWER_KEY_HASH_MASK]	= { .type = NLA_U32 },
+	[TCA_FLOWER_KEY_NUM_OF_VLANS]	= { .type = NLA_U8 },
 
 };
 
@@ -1609,6 +1611,11 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 	fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
 		       mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
 		       sizeof(key->eth.src));
+	fl_set_key_val(tb, &key->num_of_vlans,
+		       TCA_FLOWER_KEY_NUM_OF_VLANS,
+		       &mask->num_of_vlans,
+		       TCA_FLOWER_UNSPEC,
+		       sizeof(key->num_of_vlans));
 
 	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
 		fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
@@ -1898,6 +1905,8 @@ static void fl_init_dissector(struct flow_dissector *dissector,
 			     FLOW_DISSECTOR_KEY_CT, ct);
 	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
 			     FLOW_DISSECTOR_KEY_HASH, hash);
+	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
+			     FLOW_DISSECTOR_KEY_NUM_OF_VLANS, num_of_vlans);
 
 	skb_flow_dissector_init(dissector, keys, cnt);
 }
@@ -2986,6 +2995,11 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
 			    sizeof(key->basic.n_proto)))
 		goto nla_put_failure;
 
+	if (mask->num_of_vlans.num_of_vlans) {
+		if (nla_put_u8(skb, TCA_FLOWER_KEY_NUM_OF_VLANS, key->num_of_vlans.num_of_vlans))
+			goto nla_put_failure;
+	}
+
 	if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
 		goto nla_put_failure;
 
-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

[PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 2870 bytes --]

Currently the existence of vlan filters is conditional on the vlan
protocol being matched in the tc rule. I.e. the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

is illegal because we lack protocol 802.1q in the rule.

Having the num_of_vlans filter configured removes this restriction. The
following rule becomes ok:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because we know that the packet is single tagged.

We achieve the above by having is_vlan_key helper look at the number of
vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
vlan_prio) require the number of vlan tags be greater than 0. Inner
filters (e.g. cvlan_prio) require the number of vlan tags be greater
than 1.

Number of vlans filter may cause ethertype to be set to 0. Check this in
fl_set_key_vlan.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 net/sched/cls_flower.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index fafb74198c8d..9bf15b44292c 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1029,8 +1029,10 @@ static void fl_set_key_vlan(struct nlattr **tb,
 			VLAN_PRIORITY_MASK;
 		key_mask->vlan_priority = VLAN_PRIORITY_MASK;
 	}
-	key_val->vlan_tpid = ethertype;
-	key_mask->vlan_tpid = cpu_to_be16(~0);
+	if (ethertype) {
+		key_val->vlan_tpid = ethertype;
+		key_mask->vlan_tpid = cpu_to_be16(~0);
+	}
 }
 
 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
@@ -1576,13 +1578,18 @@ static int fl_set_key_ct(struct nlattr **tb,
 }
 
 static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
-			struct fl_flow_key *key, struct fl_flow_key *mask)
+			struct fl_flow_key *key, struct fl_flow_key *mask,
+			int vthresh)
 {
-	if (!tb)
-		return false;
+	const bool good_num_of_vlans = key->num_of_vlans.num_of_vlans > vthresh;
+
+	if (!tb) {
+		*ethertype = 0;
+		return good_num_of_vlans;
+	}
 
 	*ethertype = nla_get_be16(tb);
-	if (eth_type_vlan(*ethertype))
+	if (good_num_of_vlans || eth_type_vlan(*ethertype))
 		return true;
 
 	key->basic.n_proto = *ethertype;
@@ -1617,12 +1624,13 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 		       TCA_FLOWER_UNSPEC,
 		       sizeof(key->num_of_vlans));
 
-	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
+	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask, 0)) {
 		fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
 				TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
 				&mask->vlan);
 
-		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
+		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE],
+				&ethertype, key, mask, 1)) {
 			fl_set_key_vlan(tb, ethertype,
 					TCA_FLOWER_KEY_CVLAN_ID,
 					TCA_FLOWER_KEY_CVLAN_PRIO,
-- 
2.29.2


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Jiri Pirko]

Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>Currently the existence of vlan filters is conditional on the vlan
>protocol being matched in the tc rule. I.e. the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>is illegal because we lack protocol 802.1q in the rule.
>
>Having the num_of_vlans filter configured removes this restriction. The
>following rule becomes ok:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because we know that the packet is single tagged.
>
>We achieve the above by having is_vlan_key helper look at the number of

Sorry to be a nitpicker, but who's "we"? When I read the patch
description, I need to understand clearly what the patch is doing, which
is not this case. You suppose to command the codebase what to do.
I fail to see that :/


>vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
>vlan_prio) require the number of vlan tags be greater than 0. Inner
>filters (e.g. cvlan_prio) require the number of vlan tags be greater
>than 1.
>
>Number of vlans filter may cause ethertype to be set to 0. Check this in
>fl_set_key_vlan.
>

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 2471 bytes --]

On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >Currently the existence of vlan filters is conditional on the vlan
> >protocol being matched in the tc rule. I.e. the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >is illegal because we lack protocol 802.1q in the rule.
> >
> >Having the num_of_vlans filter configured removes this restriction. The
> >following rule becomes ok:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because we know that the packet is single tagged.
> >
> >We achieve the above by having is_vlan_key helper look at the number of
> 
> Sorry to be a nitpicker, but who's "we"? When I read the patch
> description, I need to understand clearly what the patch is doing, which
> is not this case. You suppose to command the codebase what to do.
> I fail to see that :/
> 
> 

What do you think of the following description? The description consists
of two parts: the first provides motivation for the patch, the second is
the way the motivation is implemented. I've judiciously edited out the
"we"-word. :)

<description>

Currently the existence of vlan filters is conditional on the vlan
protocol being matched in the tc rule. I.e. the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Having the num_of_vlans filter configured removes this restriction. The
following rule becomes ok:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

To make the above possible, is_vlan_key helper is changed to look at the
number of vlans in addition to the vlan ethertype.

Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
vlan tags be greater than 1.

Number of vlans filter may cause ethertype to be set to 0.
fl_set_key_vlan is changed to accomodate this.

</description>

Thanks,
Boris.

> >vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
> >vlan_prio) require the number of vlan tags be greater than 0. Inner
> >filters (e.g. cvlan_prio) require the number of vlan tags be greater
> >than 1.
> >
> >Number of vlans filter may cause ethertype to be set to 0. Check this in
> >fl_set_key_vlan.
> >

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Jiri Pirko]

Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >Currently the existence of vlan filters is conditional on the vlan
>> >protocol being matched in the tc rule. I.e. the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >is illegal because we lack protocol 802.1q in the rule.
>> >
>> >Having the num_of_vlans filter configured removes this restriction. The
>> >following rule becomes ok:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >
>> >because we know that the packet is single tagged.
>> >
>> >We achieve the above by having is_vlan_key helper look at the number of
>> 
>> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> description, I need to understand clearly what the patch is doing, which
>> is not this case. You suppose to command the codebase what to do.
>> I fail to see that :/
>> 
>> 
>
>What do you think of the following description? The description consists
>of two parts: the first provides motivation for the patch, the second is
>the way the motivation is implemented. I've judiciously edited out the
>"we"-word. :)
>
><description>
>
>Currently the existence of vlan filters is conditional on the vlan
>protocol being matched in the tc rule. I.e. the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>Having the num_of_vlans filter configured removes this restriction. The
>following rule becomes ok:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

So this is what this patch allows? You are talking about it as it is
already possible with the code before this patch being applied.


>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>To make the above possible, is_vlan_key helper is changed to look at the
>number of vlans in addition to the vlan ethertype.

What "is changed"? You should tell the codebase what to do, what toadd,
remove or change. If you did that, it would be very clear to the reader
what the patch is supposed to do.


>
>Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>vlan tags be greater than 1.

Again, unclear what this describes, if the current code before the patch
or the state after this patch.


>
>Number of vlans filter may cause ethertype to be set to 0.
>fl_set_key_vlan is changed to accomodate this.
>
></description>
>
>Thanks,
>Boris.
>
>> >vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
>> >vlan_prio) require the number of vlan tags be greater than 0. Inner
>> >filters (e.g. cvlan_prio) require the number of vlan tags be greater
>> >than 1.
>> >
>> >Number of vlans filter may cause ethertype to be set to 0. Check this in
>> >fl_set_key_vlan.
>> >

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 4123 bytes --]

On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >
> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >following rule becomes ok:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >
> >> >because we know that the packet is single tagged.
> >> >
> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> 
> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> description, I need to understand clearly what the patch is doing, which
> >> is not this case. You suppose to command the codebase what to do.
> >> I fail to see that :/
> >> 
> >> 
> >
> >What do you think of the following description? The description consists
> >of two parts: the first provides motivation for the patch, the second is
> >the way the motivation is implemented. I've judiciously edited out the
> >"we"-word. :)
> >
> ><description>
> >
> >Currently the existence of vlan filters is conditional on the vlan
> >protocol being matched in the tc rule. I.e. the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >Having the num_of_vlans filter configured removes this restriction. The
> >following rule becomes ok:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> 
> So this is what this patch allows?

Yes.

> You are talking about it as it is
> already possible with the code before this patch being applied.
> 

Sorry for the confusion. In the updated description I try to make the
distinction much clearer.

> 
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >To make the above possible, is_vlan_key helper is changed to look at the
> >number of vlans in addition to the vlan ethertype.
> 
> What "is changed"? You should tell the codebase what to do, what toadd,
> remove or change. If you did that, it would be very clear to the reader
> what the patch is supposed to do.
> 

The "changed" refers to the code of is_vlan_key function which is
changed by this patch. Please see the updated description.

> 
> >
> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >vlan tags be greater than 1.
> 
> Again, unclear what this describes, if the current code before the patch
> or the state after this patch.
> 

What about the following:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

This commit removes the above restriction. Having the num_of_vlans
filter configured allows further matching on vlan attributes. The
following rule is ok now:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

To do this, this commit changes is_vlan_key helper to look at the number
of vlans in addition to the vlan ethertype. Outer (e.g. vlan_prio) and
inner (e.g. cvlan_prio) tag vlan filters require the number of vlan tags
to be greater then 0 and 1 accordingly.

As a result of this commit, the ethertype may be set to 0 when matching
on the number of vlans. This commit changes fl_set_key_vlan to avoid
setting key, mask vlan_tpid for the 0 ethertype.

</description>

Is this going into the right direction?

Thanks,
Boris.

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Jiri Pirko]

Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >
>> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >
>> >> >is illegal because we lack protocol 802.1q in the rule.
>> >> >
>> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >following rule becomes ok:
>> >> >
>> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> >
>> >> >because we know that the packet is single tagged.
>> >> >
>> >> >We achieve the above by having is_vlan_key helper look at the number of
>> >> 
>> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> >> description, I need to understand clearly what the patch is doing, which
>> >> is not this case. You suppose to command the codebase what to do.
>> >> I fail to see that :/
>> >> 
>> >> 
>> >
>> >What do you think of the following description? The description consists
>> >of two parts: the first provides motivation for the patch, the second is
>> >the way the motivation is implemented. I've judiciously edited out the
>> >"we"-word. :)
>> >
>> ><description>
>> >
>> >Currently the existence of vlan filters is conditional on the vlan
>> >protocol being matched in the tc rule. I.e. the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >
>> >Having the num_of_vlans filter configured removes this restriction. The
>> >following rule becomes ok:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> 
>> So this is what this patch allows?
>
>Yes.
>
>> You are talking about it as it is
>> already possible with the code before this patch being applied.
>> 
>
>Sorry for the confusion. In the updated description I try to make the
>distinction much clearer.
>
>> 
>> >
>> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >
>> >To make the above possible, is_vlan_key helper is changed to look at the
>> >number of vlans in addition to the vlan ethertype.
>> 
>> What "is changed"? You should tell the codebase what to do, what toadd,
>> remove or change. If you did that, it would be very clear to the reader
>> what the patch is supposed to do.
>> 
>
>The "changed" refers to the code of is_vlan_key function which is
>changed by this patch. Please see the updated description.
>
>> 
>> >
>> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>> >vlan tags be greater than 1.
>> 
>> Again, unclear what this describes, if the current code before the patch
>> or the state after this patch.
>> 
>
>What about the following:
>
><description>
>
>Before this commit the existence of vlan filters was conditional on the vlan
>protocol being matched in the tc rule. For example, the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>This commit removes the above restriction. Having the num_of_vlans

Say rather just "Remove the above restriction. ..."


>filter configured allows further matching on vlan attributes. The
>following rule is ok now:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>To do this, this commit changes is_vlan_key helper to look at the number

"Change the is_vlan_key helper to look..."

Don't talk about "this commit".


>of vlans in addition to the vlan ethertype. Outer (e.g. vlan_prio) and
>inner (e.g. cvlan_prio) tag vlan filters require the number of vlan tags
>to be greater then 0 and 1 accordingly.
>
>As a result of this commit, the ethertype may be set to 0 when matching
>on the number of vlans. This commit changes fl_set_key_vlan to avoid
>setting key, mask vlan_tpid for the 0 ethertype.
>
></description>
>
>Is this going into the right direction?
>
>Thanks,
>Boris.

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 5361 bytes --]

On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >
> >> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >> >
> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >following rule becomes ok:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> >
> >> >> >because we know that the packet is single tagged.
> >> >> >
> >> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> >> 
> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> >> description, I need to understand clearly what the patch is doing, which
> >> >> is not this case. You suppose to command the codebase what to do.
> >> >> I fail to see that :/
> >> >> 
> >> >> 
> >> >
> >> >What do you think of the following description? The description consists
> >> >of two parts: the first provides motivation for the patch, the second is
> >> >the way the motivation is implemented. I've judiciously edited out the
> >> >"we"-word. :)
> >> >
> >> ><description>
> >> >
> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >
> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >following rule becomes ok:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> 
> >> So this is what this patch allows?
> >
> >Yes.
> >
> >> You are talking about it as it is
> >> already possible with the code before this patch being applied.
> >> 
> >
> >Sorry for the confusion. In the updated description I try to make the
> >distinction much clearer.
> >
> >> 
> >> >
> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >
> >> >To make the above possible, is_vlan_key helper is changed to look at the
> >> >number of vlans in addition to the vlan ethertype.
> >> 
> >> What "is changed"? You should tell the codebase what to do, what toadd,
> >> remove or change. If you did that, it would be very clear to the reader
> >> what the patch is supposed to do.
> >> 
> >
> >The "changed" refers to the code of is_vlan_key function which is
> >changed by this patch. Please see the updated description.
> >
> >> 
> >> >
> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >> >vlan tags be greater than 1.
> >> 
> >> Again, unclear what this describes, if the current code before the patch
> >> or the state after this patch.
> >> 
> >
> >What about the following:
> >
> ><description>
> >
> >Before this commit the existence of vlan filters was conditional on the vlan
> >protocol being matched in the tc rule. For example, the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >This commit removes the above restriction. Having the num_of_vlans
> 
> Say rather just "Remove the above restriction. ..."
> 
> 
> >filter configured allows further matching on vlan attributes. The
> >following rule is ok now:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >To do this, this commit changes is_vlan_key helper to look at the number
> 
> "Change the is_vlan_key helper to look..."
> 
> Don't talk about "this commit".
> 

OK. The following incorporates both of the above suggestions:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule is ok now:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
tag vlan filters require the number of vlan tags to be greater then 0
and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

</description>

Thanks,
Boris.

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Jiri Pirko]

Wed, Apr 13, 2022 at 10:14:17AM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
>> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
>> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >> >
>> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >> >
>> >> >> >is illegal because we lack protocol 802.1q in the rule.
>> >> >> >
>> >> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >> >following rule becomes ok:
>> >> >> >
>> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> >> >
>> >> >> >because we know that the packet is single tagged.
>> >> >> >
>> >> >> >We achieve the above by having is_vlan_key helper look at the number of
>> >> >> 
>> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> >> >> description, I need to understand clearly what the patch is doing, which
>> >> >> is not this case. You suppose to command the codebase what to do.
>> >> >> I fail to see that :/
>> >> >> 
>> >> >> 
>> >> >
>> >> >What do you think of the following description? The description consists
>> >> >of two parts: the first provides motivation for the patch, the second is
>> >> >the way the motivation is implemented. I've judiciously edited out the
>> >> >"we"-word. :)
>> >> >
>> >> ><description>
>> >> >
>> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >
>> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >
>> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >> >
>> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >following rule becomes ok:
>> >> >
>> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> 
>> >> So this is what this patch allows?
>> >
>> >Yes.
>> >
>> >> You are talking about it as it is
>> >> already possible with the code before this patch being applied.
>> >> 
>> >
>> >Sorry for the confusion. In the updated description I try to make the
>> >distinction much clearer.
>> >
>> >> 
>> >> >
>> >> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >> >
>> >> >To make the above possible, is_vlan_key helper is changed to look at the
>> >> >number of vlans in addition to the vlan ethertype.
>> >> 
>> >> What "is changed"? You should tell the codebase what to do, what toadd,
>> >> remove or change. If you did that, it would be very clear to the reader
>> >> what the patch is supposed to do.
>> >> 
>> >
>> >The "changed" refers to the code of is_vlan_key function which is
>> >changed by this patch. Please see the updated description.
>> >
>> >> 
>> >> >
>> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>> >> >vlan tags be greater than 1.
>> >> 
>> >> Again, unclear what this describes, if the current code before the patch
>> >> or the state after this patch.
>> >> 
>> >
>> >What about the following:
>> >
>> ><description>
>> >
>> >Before this commit the existence of vlan filters was conditional on the vlan
>> >protocol being matched in the tc rule. For example, the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >
>> >This commit removes the above restriction. Having the num_of_vlans
>> 
>> Say rather just "Remove the above restriction. ..."
>> 
>> 
>> >filter configured allows further matching on vlan attributes. The
>> >following rule is ok now:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >
>> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >
>> >To do this, this commit changes is_vlan_key helper to look at the number
>> 
>> "Change the is_vlan_key helper to look..."
>> 
>> Don't talk about "this commit".
>> 
>
>OK. The following incorporates both of the above suggestions:
>
><description>
>
>Before this commit the existence of vlan filters was conditional on the vlan
>protocol being matched in the tc rule. For example, the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>Remove the above restriction by looking at the num_of_vlans filter to
>allow further matching on vlan attributes. The following rule is ok now:

What's "now"?


>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>Change is_vlan_key helper to look at the number of vlans in addition to
>the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
>tag vlan filters require the number of vlan tags to be greater then 0
>and 1 accordingly.

I don't get this last sentence. "filters require". Do you do the change
or are you stating what's in before the patch?


>
>As a result of is_vlan_key change, the ethertype may be set to 0 when
>matching on the number of vlans. Update fl_set_key_vlan to avoid setting
>key, mask vlan_tpid for the 0 ethertype.
>
></description>
>
>Thanks,
>Boris.

Re: [PATCH net-next v2 5/5] net/sched: flower: Consider the number of tags for vlan filters

[Boris Sukholitko]

[-- Attachment #1: Type: text/plain, Size: 7213 bytes --]

On Wed, Apr 13, 2022 at 01:44:56PM +0200, Jiri Pirko wrote:
> Wed, Apr 13, 2022 at 10:14:17AM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> >> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >> >
> >> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >> >
> >> >> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >> >> >
> >> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >> >following rule becomes ok:
> >> >> >> >
> >> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> >> >
> >> >> >> >because we know that the packet is single tagged.
> >> >> >> >
> >> >> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> >> >> 
> >> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> >> >> description, I need to understand clearly what the patch is doing, which
> >> >> >> is not this case. You suppose to command the codebase what to do.
> >> >> >> I fail to see that :/
> >> >> >> 
> >> >> >> 
> >> >> >
> >> >> >What do you think of the following description? The description consists
> >> >> >of two parts: the first provides motivation for the patch, the second is
> >> >> >the way the motivation is implemented. I've judiciously edited out the
> >> >> >"we"-word. :)
> >> >> >
> >> >> ><description>
> >> >> >
> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >
> >> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >> >
> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >following rule becomes ok:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> 
> >> >> So this is what this patch allows?
> >> >
> >> >Yes.
> >> >
> >> >> You are talking about it as it is
> >> >> already possible with the code before this patch being applied.
> >> >> 
> >> >
> >> >Sorry for the confusion. In the updated description I try to make the
> >> >distinction much clearer.
> >> >
> >> >> 
> >> >> >
> >> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >> >
> >> >> >To make the above possible, is_vlan_key helper is changed to look at the
> >> >> >number of vlans in addition to the vlan ethertype.
> >> >> 
> >> >> What "is changed"? You should tell the codebase what to do, what toadd,
> >> >> remove or change. If you did that, it would be very clear to the reader
> >> >> what the patch is supposed to do.
> >> >> 
> >> >
> >> >The "changed" refers to the code of is_vlan_key function which is
> >> >changed by this patch. Please see the updated description.
> >> >
> >> >> 
> >> >> >
> >> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >> >> >vlan tags be greater than 1.
> >> >> 
> >> >> Again, unclear what this describes, if the current code before the patch
> >> >> or the state after this patch.
> >> >> 
> >> >
> >> >What about the following:
> >> >
> >> ><description>
> >> >
> >> >Before this commit the existence of vlan filters was conditional on the vlan
> >> >protocol being matched in the tc rule. For example, the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >
> >> >This commit removes the above restriction. Having the num_of_vlans
> >> 
> >> Say rather just "Remove the above restriction. ..."
> >> 
> >> 
> >> >filter configured allows further matching on vlan attributes. The
> >> >following rule is ok now:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >
> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >
> >> >To do this, this commit changes is_vlan_key helper to look at the number
> >> 
> >> "Change the is_vlan_key helper to look..."
> >> 
> >> Don't talk about "this commit".
> >> 
> >
> >OK. The following incorporates both of the above suggestions:
> >
> ><description>
> >
> >Before this commit the existence of vlan filters was conditional on the vlan
> >protocol being matched in the tc rule. For example, the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >Remove the above restriction by looking at the num_of_vlans filter to
> >allow further matching on vlan attributes. The following rule is ok now:
> 
> What's "now"?

"Now" is the situation after applying the patch. I'll mention this fact
in the description below.

> 
> 
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >Change is_vlan_key helper to look at the number of vlans in addition to
> >the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
> >tag vlan filters require the number of vlan tags to be greater then 0
> >and 1 accordingly.
> 
> I don't get this last sentence. "filters require". Do you do the change
> or are you stating what's in before the patch?
> 

The whole paragraph starting with "Change..." talks about what happens
after the patch. I'll make it more explicit in the description below.

The updated description follows:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule becomes
legal as a result of this commit:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. The outcome of this change is that outer (e.g. vlan_prio)
and inner (e.g. cvlan_prio) tag vlan filters require the number of vlan
tags to be greater then 0 and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

</description>

Thanks,
Boris.

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4221 bytes --]