* [PATCH iproute2 0/9] Cleanup backlog
@ 2016-10-01 20:48 Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 1/9] ife action: allow specifying index in hex Jamal Hadi Salim
` (8 more replies)
0 siblings, 9 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Jamal Hadi Salim
From: Jamal Hadi Salim <jhs@mojatatu.com>
Variety of cleanup and new functionality I had sitting around on my
private tree
Craig Dillabaugh (1):
action gact: list pipe as a valid action
Jamal Hadi Salim (3):
actions ife: Introduce encoding and decoding of tcindex metadata
actions: add skbmod action
man pages: Add tc-ife to Makefile
Lucas Bates (2):
man pages: update ife action to include tcindex
man pages: add man page for skbmod action
Roman Mashak (3):
ife action: allow specifying index in hex
ife: print prio, mark and hash as unsigned
ife: improve help text
include/linux/tc_act/tc_ife.h | 3 +-
man/man8/Makefile | 2 +-
man/man8/tc-ife.8 | 29 ++++-
man/man8/tc-skbmod.8 | 137 +++++++++++++++++++++
tc/Makefile | 1 +
tc/m_gact.c | 4 +-
tc/m_ife.c | 38 ++++--
tc/m_skbmod.c | 270 ++++++++++++++++++++++++++++++++++++++++++
8 files changed, 467 insertions(+), 17 deletions(-)
create mode 100644 man/man8/tc-skbmod.8
create mode 100644 tc/m_skbmod.c
--
1.9.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH iproute2 1/9] ife action: allow specifying index in hex
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 2/9] ife: print prio, mark and hash as unsigned Jamal Hadi Salim
` (7 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Roman Mashak, Jamal Hadi Salim
From: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
tc/m_ife.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/m_ife.c b/tc/m_ife.c
index 0219760..a5a7516 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -152,7 +152,7 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
if (argc) {
if (matches(*argv, "index") == 0) {
NEXT_ARG();
- if (get_u32(&p.index, *argv, 10)) {
+ if (get_u32(&p.index, *argv, 0)) {
fprintf(stderr, "ife: Illegal \"index\"\n");
return -1;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 2/9] ife: print prio, mark and hash as unsigned
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 1/9] ife action: allow specifying index in hex Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 3/9] ife: improve help text Jamal Hadi Salim
` (6 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Roman Mashak, Jamal Hadi Salim
From: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
tc/m_ife.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tc/m_ife.c b/tc/m_ife.c
index a5a7516..588bad7 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -252,7 +252,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
len = RTA_PAYLOAD(metalist[IFE_META_SKBMARK]);
if (len) {
mmark = rta_getattr_u32(metalist[IFE_META_SKBMARK]);
- fprintf(f, "use mark %d ", mmark);
+ fprintf(f, "use mark %u ", mmark);
} else
fprintf(f, "allow mark ");
}
@@ -261,7 +261,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
len = RTA_PAYLOAD(metalist[IFE_META_HASHID]);
if (len) {
mhash = rta_getattr_u32(metalist[IFE_META_HASHID]);
- fprintf(f, "use hash %d ", mhash);
+ fprintf(f, "use hash %u ", mhash);
} else
fprintf(f, "allow hash ");
}
@@ -270,7 +270,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
len = RTA_PAYLOAD(metalist[IFE_META_PRIO]);
if (len) {
mprio = rta_getattr_u32(metalist[IFE_META_PRIO]);
- fprintf(f, "use prio %d ", mprio);
+ fprintf(f, "use prio %u ", mprio);
} else
fprintf(f, "allow prio ");
}
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 3/9] ife: improve help text
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 1/9] ife action: allow specifying index in hex Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 2/9] ife: print prio, mark and hash as unsigned Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 4/9] actions ife: Introduce encoding and decoding of tcindex metadata Jamal Hadi Salim
` (5 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Roman Mashak, Jamal Hadi Salim
From: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
tc/m_ife.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tc/m_ife.c b/tc/m_ife.c
index 588bad7..862461b 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -29,12 +29,13 @@
static void ife_explain(void)
{
fprintf(stderr,
- "Usage:... ife {decode|encode} {ALLOW|USE} [dst DMAC] [src SMAC] [type TYPE] [CONTROL] [index INDEX]\n");
+ "Usage:... ife {decode|encode} [{ALLOW|USE} ATTR] [dst DMAC] [src SMAC] [type TYPE] [CONTROL] [index INDEX]\n");
fprintf(stderr,
"\tALLOW := Encode direction. Allows encoding specified metadata\n"
"\t\t e.g \"allow mark\"\n"
"\tUSE := Encode direction. Enforce Static encoding of specified metadata\n"
"\t\t e.g \"use mark 0x12\"\n"
+ "\tATTR := mark (32-bit), prio (32-bit), tcindex (16-bit)\n"
"\tDMAC := 6 byte Destination MAC address to encode\n"
"\tSMAC := optional 6 byte Source MAC address to encode\n"
"\tTYPE := optional 16 bit ethertype to encode\n"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 4/9] actions ife: Introduce encoding and decoding of tcindex metadata
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (2 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 3/9] ife: improve help text Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 5/9] action gact: list pipe as a valid action Jamal Hadi Salim
` (4 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Jamal Hadi Salim
From: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
include/linux/tc_act/tc_ife.h | 3 ++-
tc/m_ife.c | 29 +++++++++++++++++++++++------
2 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/include/linux/tc_act/tc_ife.h b/include/linux/tc_act/tc_ife.h
index 4ece02a..cd18360 100644
--- a/include/linux/tc_act/tc_ife.h
+++ b/include/linux/tc_act/tc_ife.h
@@ -32,8 +32,9 @@ enum {
#define IFE_META_HASHID 2
#define IFE_META_PRIO 3
#define IFE_META_QMAP 4
+#define IFE_META_TCINDEX 5
/*Can be overridden at runtime by module option*/
-#define __IFE_META_MAX 5
+#define __IFE_META_MAX 6
#define IFE_META_MAX (__IFE_META_MAX - 1)
#endif
diff --git a/tc/m_ife.c b/tc/m_ife.c
index 862461b..e6f6153 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -67,6 +67,8 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
__u32 ife_prio_v = 0;
__u32 ife_mark = 0;
__u32 ife_mark_v = 0;
+ __u16 ife_tcindex = 0;
+ __u16 ife_tcindex_v = 0;
char *daddr = NULL;
char *saddr = NULL;
@@ -89,6 +91,8 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
ife_mark = IFE_META_SKBMARK;
} else if (matches(*argv, "prio") == 0) {
ife_prio = IFE_META_PRIO;
+ } else if (matches(*argv, "tcindex") == 0) {
+ ife_prio = IFE_META_TCINDEX;
} else {
fprintf(stderr, "Illegal meta define <%s>\n",
*argv);
@@ -106,6 +110,11 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
if (get_u32(&ife_prio_v, *argv, 0))
invarg("ife prio val is invalid",
*argv);
+ } else if (matches(*argv, "tcindex") == 0) {
+ NEXT_ARG();
+ if (get_u16(&ife_tcindex_v, *argv, 0))
+ invarg("ife tcindex val is invalid",
+ *argv);
} else {
fprintf(stderr, "Illegal meta use type <%s>\n",
*argv);
@@ -196,6 +205,13 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
else
addattr_l(n, MAX_MSG, IFE_META_PRIO, NULL, 0);
}
+ if (ife_tcindex || ife_tcindex_v) {
+ if (ife_tcindex_v)
+ addattr_l(n, MAX_MSG, IFE_META_TCINDEX, &ife_tcindex_v,
+ 2);
+ else
+ addattr_l(n, MAX_MSG, IFE_META_TCINDEX, NULL, 0);
+ }
tail2->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail2;
@@ -213,7 +229,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
struct rtattr *tb[TCA_IFE_MAX + 1];
__u16 ife_type = 0;
__u32 mmark = 0;
- __u32 mhash = 0;
+ __u16 mtcindex = 0;
__u32 mprio = 0;
int has_optional = 0;
SPRINT_BUF(b2);
@@ -258,13 +274,14 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
fprintf(f, "allow mark ");
}
- if (metalist[IFE_META_HASHID]) {
- len = RTA_PAYLOAD(metalist[IFE_META_HASHID]);
+ if (metalist[IFE_META_TCINDEX]) {
+ len = RTA_PAYLOAD(metalist[IFE_META_TCINDEX]);
if (len) {
- mhash = rta_getattr_u32(metalist[IFE_META_HASHID]);
- fprintf(f, "use hash %u ", mhash);
+ mtcindex =
+ rta_getattr_u16(metalist[IFE_META_TCINDEX]);
+ fprintf(f, "use tcindex %d ", mtcindex);
} else
- fprintf(f, "allow hash ");
+ fprintf(f, "allow tcindex ");
}
if (metalist[IFE_META_PRIO]) {
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 5/9] action gact: list pipe as a valid action
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (3 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 4/9] actions ife: Introduce encoding and decoding of tcindex metadata Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 6/9] actions: add skbmod action Jamal Hadi Salim
` (3 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Craig Dillabaugh, Jamal Hadi Salim
From: Craig Dillabaugh <cdillaba@mojatatu.com>
Signed-off-by: Craig Dillabaugh <cdillaba@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
tc/m_gact.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tc/m_gact.c b/tc/m_gact.c
index 2bfd9a7..dc04b9f 100644
--- a/tc/m_gact.c
+++ b/tc/m_gact.c
@@ -45,7 +45,7 @@ explain(void)
#ifdef CONFIG_GACT_PROB
fprintf(stderr, "Usage: ... gact <ACTION> [RAND] [INDEX]\n");
fprintf(stderr,
- "Where: \tACTION := reclassify | drop | continue | pass\n"
+ "Where: \tACTION := reclassify | drop | continue | pass | pipe\n"
"\tRAND := random <RANDTYPE> <ACTION> <VAL>\n"
"\tRANDTYPE := netrand | determ\n"
"\tVAL : = value not exceeding 10000\n"
@@ -54,7 +54,7 @@ explain(void)
#else
fprintf(stderr, "Usage: ... gact <ACTION> [INDEX]\n");
fprintf(stderr,
- "Where: \tACTION := reclassify | drop | continue | pass\n"
+ "Where: \tACTION := reclassify | drop | continue | pass | pipe\n"
"\tINDEX := index value used\n"
"\n");
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 6/9] actions: add skbmod action
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (4 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 5/9] action gact: list pipe as a valid action Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-10 2:08 ` Stephen Hemminger
2016-10-01 20:48 ` [PATCH iproute2 7/9] man pages: update ife action to include tcindex Jamal Hadi Salim
` (2 subsequent siblings)
8 siblings, 1 reply; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Jamal Hadi Salim
From: Jamal Hadi Salim <jhs@mojatatu.com>
This action is intended to be an upgrade from a usability perspective
from pedit (as well as operational debugability).
Compare this:
sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action pedit munge offset -14 u8 set 0x02 \
munge offset -13 u8 set 0x15 \
munge offset -12 u8 set 0x15 \
munge offset -11 u8 set 0x15 \
munge offset -10 u16 set 0x1515 \
pipe
to:
sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action skbmod dmac 02:15:15:15:15:15
Or worse, try to debug a policy with destination mac, source mac and
etherype. Then make that a hundred rules and you'll get my point.
The most important ethernet use case at the moment is when redirecting or
mirroring packets to a remote machine. The dst mac address needs a re-write
so that it doesnt get dropped or confuse an interconnecting (learning) switch
or dropped by a target machine (which looks at the dst mac).
In the future common use cases on pedit can be migrated to this action
(as an example different fields in ip v4/6, transports like tcp/udp/sctp
etc). For this first cut, this allows modifying basic ethernet header.
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
tc/Makefile | 1 +
tc/m_skbmod.c | 270 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 271 insertions(+)
create mode 100644 tc/m_skbmod.c
diff --git a/tc/Makefile b/tc/Makefile
index 8917eaf..e2f340c 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -45,6 +45,7 @@ TCMODULES += m_nat.o
TCMODULES += m_pedit.o
TCMODULES += m_ife.o
TCMODULES += m_skbedit.o
+TCMODULES += m_skbmod.o
TCMODULES += m_csum.o
TCMODULES += m_simple.o
TCMODULES += m_vlan.o
diff --git a/tc/m_skbmod.c b/tc/m_skbmod.c
new file mode 100644
index 0000000..38c83a2
--- /dev/null
+++ b/tc/m_skbmod.c
@@ -0,0 +1,270 @@
+/*
+ * m_skbmod.c skb modifier action module
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: J Hadi Salim (jhs@mojatatu.com)
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <linux/netdevice.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "tc_util.h"
+#include <linux/tc_act/tc_skbmod.h>
+
+static void skbmod_explain(void)
+{
+ fprintf(stderr,
+ "Usage:... skbmod {[set <SETTABLE>] [swap <SWAPABLE>]} [CONTROL] [index INDEX]\n");
+ fprintf(stderr, "where SETTABLE is: [dmac DMAC] [smac SMAC] [etype ETYPE] \n");
+ fprintf(stderr, "where SWAPABLE is: \"mac\" to swap mac addresses\n");
+ fprintf(stderr, "note: \"swap mac\" is done after any outstanding D/SMAC change\n");
+ fprintf(stderr,
+ "\tDMAC := 6 byte Destination MAC address\n"
+ "\tSMAC := optional 6 byte Source MAC address\n"
+ "\tETYPE := optional 16 bit ethertype\n"
+ "\tCONTROL := reclassify|pipe|drop|continue|ok\n"
+ "\tINDEX := skbmod index value to use\n");
+}
+
+static void skbmod_usage(void)
+{
+ skbmod_explain();
+ exit(-1);
+}
+
+static int parse_skbmod(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
+{
+ int argc = *argc_p;
+ char **argv = *argv_p;
+ int ok = 0;
+ struct tc_skbmod p;
+ struct rtattr *tail;
+ char dbuf[ETH_ALEN];
+ char sbuf[ETH_ALEN];
+ __u16 skbmod_etype = 0;
+ char *daddr = NULL;
+ char *saddr = NULL;
+
+ memset(&p, 0, sizeof(p));
+ p.action = TC_ACT_PIPE; /* good default */
+
+ if (argc <= 0)
+ return -1;
+
+ while (argc > 0) {
+ if (matches(*argv, "skbmod") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "swap") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "mac") == 0) {
+ p.flags |= SKBMOD_F_SWAPMAC;
+ ok +=1;
+ } else if (matches(*argv, "set") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "etype") == 0) {
+ NEXT_ARG();
+ if (get_u16(&skbmod_etype, *argv, 0))
+ invarg("ethertype is invalid", *argv);
+ fprintf(stderr, "skbmod etype 0x%x\n", skbmod_etype);
+ p.flags |= SKBMOD_F_ETYPE;
+ ok +=1;
+ } else if (matches(*argv, "dmac") == 0) {
+ NEXT_ARG();
+ daddr = *argv;
+ if (sscanf(daddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ dbuf, dbuf + 1, dbuf + 2,
+ dbuf + 3, dbuf + 4, dbuf + 5) != 6) {
+ fprintf(stderr, "Invalid dst mac address %s\n",
+ daddr);
+ return -1;
+ }
+ p.flags |= SKBMOD_F_DMAC;
+ fprintf(stderr, "dst MAC address <%s>\n", daddr);
+ ok +=1;
+
+ } else if (matches(*argv, "smac") == 0) {
+ NEXT_ARG();
+ saddr = *argv;
+ if (sscanf(saddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ sbuf, sbuf + 1, sbuf + 2,
+ sbuf + 3, sbuf + 4, sbuf + 5) != 6) {
+ fprintf(stderr, "Invalid smac address %s\n",
+ saddr);
+ return -1;
+ }
+ p.flags |= SKBMOD_F_SMAC;
+ fprintf(stderr, "src MAC address <%s>\n", saddr);
+ ok +=1;
+ } else if (matches(*argv, "help") == 0) {
+ skbmod_usage();
+ } else {
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+#if 0
+ if (p.flags & SKBMOD_F_SWAPMAC) {
+ if ((p.flags & SKBMOD_F_DMAC) || (p.flags & SKBMOD_F_SMAC)) {
+ fprintf(stderr, "Not allowed to mix S/MAC and swapping\n");
+ skbmod_usage();
+ }
+ }
+#endif
+
+ if (argc) {
+ if (matches(*argv, "reclassify") == 0) {
+ p.action = TC_ACT_RECLASSIFY;
+ argc--;
+ argv++;
+ } else if (matches(*argv, "pipe") == 0) {
+ p.action = TC_ACT_PIPE;
+ argc--;
+ argv++;
+ } else if (matches(*argv, "drop") == 0 ||
+ matches(*argv, "shot") == 0) {
+ p.action = TC_ACT_SHOT;
+ argc--;
+ argv++;
+ } else if (matches(*argv, "continue") == 0) {
+ p.action = TC_ACT_UNSPEC;
+ argc--;
+ argv++;
+ } else if (matches(*argv, "pass") == 0 ||
+ matches(*argv, "ok") == 0) {
+ p.action = TC_ACT_OK;
+ argc--;
+ argv++;
+ }
+ }
+
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&p.index, *argv, 0)) {
+ fprintf(stderr, "skbmod: Illegal \"index\"\n");
+ return -1;
+ }
+ ok++;
+ argc--;
+ argv++;
+ }
+ }
+
+ if (!ok) {
+ fprintf(stderr, "skbmod requires at least one option\n");
+ skbmod_usage();
+ }
+
+ tail = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_PARMS, &p, sizeof(p));
+
+ if (daddr)
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_DMAC, dbuf, ETH_ALEN);
+ if (skbmod_etype)
+ addattr16(n, MAX_MSG, TCA_SKBMOD_ETYPE, skbmod_etype);
+ if (saddr)
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_SMAC, sbuf, ETH_ALEN);
+
+ tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
+
+ *argc_p = argc;
+ *argv_p = argv;
+ return 0;
+}
+
+static int print_skbmod(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+ struct tc_skbmod *p = NULL;
+ struct rtattr *tb[TCA_SKBMOD_MAX + 1];
+ __u16 skbmod_etype = 0;
+ int has_optional = 0;
+ SPRINT_BUF(b1);
+ SPRINT_BUF(b2);
+
+ if (arg == NULL)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_SKBMOD_MAX, arg);
+
+ if (tb[TCA_SKBMOD_PARMS] == NULL) {
+ fprintf(f, "[NULL skbmod parameters]");
+ return -1;
+ }
+
+ p = RTA_DATA(tb[TCA_SKBMOD_PARMS]);
+
+ fprintf(f, "skbmod action %s ", action_n2a(p->action));
+
+ if (tb[TCA_SKBMOD_ETYPE]) {
+ skbmod_etype = rta_getattr_u16(tb[TCA_SKBMOD_ETYPE]);
+ has_optional = 1;
+ fprintf(f, "set etype 0x%X ", skbmod_etype);
+ }
+
+ if (has_optional)
+ fprintf(f, "\n\t ");
+
+ if (tb[TCA_SKBMOD_DMAC]) {
+ has_optional = 1;
+ fprintf(f, "set dmac %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_DMAC]),
+ RTA_PAYLOAD(tb[TCA_SKBMOD_DMAC]), 0, b1,
+ sizeof(b1)));
+
+ }
+
+ if (tb[TCA_SKBMOD_SMAC]) {
+ has_optional = 1;
+ fprintf(f, "set smac %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_SMAC]),
+ RTA_PAYLOAD(tb[TCA_SKBMOD_SMAC]), 0, b2,
+ sizeof(b2)));
+ }
+
+ if (p->flags & SKBMOD_F_SWAPMAC) {
+ fprintf(f, "swap mac ");
+ }
+
+ fprintf(f, "\n\t index %d ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
+ if (show_stats) {
+ if (tb[TCA_SKBMOD_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_SKBMOD_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+
+ fprintf(f, "\n");
+
+ return 0;
+}
+
+struct action_util skbmod_action_util = {
+ .id = "skbmod",
+ .parse_aopt = parse_skbmod,
+ .print_aopt = print_skbmod,
+};
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 7/9] man pages: update ife action to include tcindex
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (5 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 6/9] actions: add skbmod action Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 8/9] man pages: Add tc-ife to Makefile Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 9/9] man pages: add man page for skbmod action Jamal Hadi Salim
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Lucas Bates, Jamal Hadi Salim
From: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
man/man8/tc-ife.8 | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/man/man8/tc-ife.8 b/man/man8/tc-ife.8
index 7b3601e..aaf0f97 100644
--- a/man/man8/tc-ife.8
+++ b/man/man8/tc-ife.8
@@ -5,8 +5,8 @@ IFE - encapsulate/decapsulate metadata
.SH SYNOPSIS
.in +8
.ti -8
-.BR tc " ... " action ife"
-.I DIRECTION ACTION
+.BR tc " ... " " action ife"
+.IR DIRECTION " [ " ACTION " ] "
.RB "[ " dst
.IR DMAC " ] "
.RB "[ " src
@@ -24,7 +24,13 @@ IFE - encapsulate/decapsulate metadata
.ti -8
.IR ACTION " := { "
-.BR allow " | " use " }"
+.BI allow " ATTR"
+.RB "| " use
+.IR "ATTR value" " }"
+
+.ti -8
+.IR ATTR " := { "
+.BR mark " | " prio " | " tcindex " }"
.ti -8
.IR CONTROL " := { "
@@ -50,6 +56,23 @@ Encode direction only. Allows encoding specified metadata.
.B use
Encode direction only. Enforce static encoding of specified metadata.
.TP
+.BR mark " [ "
+.IR u32_value " ]"
+The value to set for the skb mark. The u32 value is required only when
+.BR use " is specified."
+.TP
+.BR prio " [ "
+.IR u32_value " ]"
+The value to set for priority in the skb structure. The u32 value is required
+only when
+.BR use " is specified."
+.TP
+.BR tcindex " ["
+.IR u16_value " ]"
+Value to set for the traffic control index in the skb structure. The u16 value
+is required only when
+.BR use " is specified."
+.TP
.BI dmac " DMAC"
.TQ
.BI smac " SMAC"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 8/9] man pages: Add tc-ife to Makefile
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (6 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 7/9] man pages: update ife action to include tcindex Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 9/9] man pages: add man page for skbmod action Jamal Hadi Salim
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Jamal Hadi Salim
From: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
man/man8/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man8/Makefile b/man/man8/Makefile
index 9213769..4ad96ce 100644
--- a/man/man8/Makefile
+++ b/man/man8/Makefile
@@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.
tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
tc-tcindex.8 tc-u32.8 tc-matchall.8 \
tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \
- tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 \
+ tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 \
devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8
all: $(TARGETS)
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH iproute2 9/9] man pages: add man page for skbmod action
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
` (7 preceding siblings ...)
2016-10-01 20:48 ` [PATCH iproute2 8/9] man pages: Add tc-ife to Makefile Jamal Hadi Salim
@ 2016-10-01 20:48 ` Jamal Hadi Salim
8 siblings, 0 replies; 11+ messages in thread
From: Jamal Hadi Salim @ 2016-10-01 20:48 UTC (permalink / raw)
To: stephen; +Cc: netdev, Lucas Bates, Jamal Hadi Salim
From: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
man/man8/Makefile | 2 +-
man/man8/tc-skbmod.8 | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 138 insertions(+), 1 deletion(-)
create mode 100644 man/man8/tc-skbmod.8
diff --git a/man/man8/Makefile b/man/man8/Makefile
index 4ad96ce..de6f249 100644
--- a/man/man8/Makefile
+++ b/man/man8/Makefile
@@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.
tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
tc-tcindex.8 tc-u32.8 tc-matchall.8 \
tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \
- tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 \
+ tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 tc-skbmod.8 \
devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8
all: $(TARGETS)
diff --git a/man/man8/tc-skbmod.8 b/man/man8/tc-skbmod.8
new file mode 100644
index 0000000..6efe9b6
--- /dev/null
+++ b/man/man8/tc-skbmod.8
@@ -0,0 +1,137 @@
+.TH "skbmod action in tc" 8 "21 Sep 2016" "iproute2" "Linux"
+
+.SH NAME
+skbmod - user-friendly packet editor action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action skbmod " "{ [ " "set "
+.IR SETTABLE " ] [ "
+.BI swap " SWAPPABLE"
+.RI " ] [ " CONTROL " ] [ "
+.BI index " INDEX "
+] }
+
+.ti -8
+.IR SETTABLE " := "
+.RB " [ " dmac
+.IR DMAC " ] "
+.RB " [ " smac
+.IR SMAC " ] "
+.RB " [ " etype
+.IR ETYPE " ] "
+
+.ti -8
+.IR SWAPPABLE " := "
+.B mac
+.ti -8
+.IR CONTROL " := {"
+.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }"
+.SH DESCRIPTION
+The
+.B skbmod
+action is intended as a usability upgrade to the existing
+.B pedit
+action. Instead of having to manually edit 8-, 16-, or 32-bit chunks of an
+ethernet header,
+.B skbmod
+allows complete substitution of supported elements.
+.SH OPTIONS
+.TP
+.BI dmac " DMAC"
+Change the destination mac to the specified address.
+.TP
+.BI smac " SMAC"
+Change the source mac to the specified address.
+.TP
+.BI etype " ETYPE"
+Change the ethertype to the specified value.
+.TP
+.BI mac
+Used to swap mac addresses. The
+.B swap mac
+directive is performed
+after any outstanding D/SMAC changes.
+.TP
+.I CONTROL
+The following keywords allow to control how the tree of qdisc, classes,
+filters and actions is further traversed after this action.
+.RS
+.TP
+.B reclassify
+Restart with the first filter in the current list.
+.TP
+.B pipe
+Continue with the next action attached to the same filter.
+.TP
+.B drop
+.TQ
+.B shot
+Drop the packet.
+.TP
+.B continue
+Continue classification with the next filter in line.
+.TP
+.B pass
+Finish classification process and return to calling qdisc for further packet
+processing. This is the default.
+.SH EXAMPLES
+To start, observe the following filter with a pedit action:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action pedit munge offset -14 u8 set 0x02 \\
+ munge offset -13 u8 set 0x15 \\
+ munge offset -12 u8 set 0x15 \\
+ munge offset -11 u8 set 0x15 \\
+ munge offset -10 u16 set 0x1515 \\
+ pipe
+.EE
+.RE
+
+Using the skbmod action, this command can be simplified to:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod set dmac 02:15:15:15:15:15 \\
+ pipe
+.EE
+.RE
+
+Complexity will increase if source mac and ethertype are also being edited
+as part of the action. If all three fields are to be changed with skbmod:
+
+.RS
+.EX
+tc filter add dev eth5 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod \\
+ set etype 0xBEEF \\
+ set dmac 02:12:13:14:15:16 \\
+ set smac 02:22:23:24:25:26
+.EE
+.RE
+
+Finally, swap the destination and source mac addresses in the header:
+
+.RS
+.EX
+tc filter add dev eth3 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod \\
+ swap mac
+.EE
+.RE
+
+As mentioned above, the swap action will occur after any
+.B " smac/dmac "
+substitutions are executed, if they are present.
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8),
+.BR tc-pedit (8)
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH iproute2 6/9] actions: add skbmod action
2016-10-01 20:48 ` [PATCH iproute2 6/9] actions: add skbmod action Jamal Hadi Salim
@ 2016-10-10 2:08 ` Stephen Hemminger
0 siblings, 0 replies; 11+ messages in thread
From: Stephen Hemminger @ 2016-10-10 2:08 UTC (permalink / raw)
To: Jamal Hadi Salim; +Cc: netdev
On Sat, 1 Oct 2016 16:48:34 -0400
Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> From: Jamal Hadi Salim <jhs@mojatatu.com>
>
> This action is intended to be an upgrade from a usability perspective
> from pedit (as well as operational debugability).
> Compare this:
>
> sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
> u32 match ip protocol 1 0xff flowid 1:2 \
> action pedit munge offset -14 u8 set 0x02 \
> munge offset -13 u8 set 0x15 \
> munge offset -12 u8 set 0x15 \
> munge offset -11 u8 set 0x15 \
> munge offset -10 u16 set 0x1515 \
> pipe
>
> to:
>
> sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
> u32 match ip protocol 1 0xff flowid 1:2 \
> action skbmod dmac 02:15:15:15:15:15
>
> Or worse, try to debug a policy with destination mac, source mac and
> etherype. Then make that a hundred rules and you'll get my point.
>
> The most important ethernet use case at the moment is when redirecting or
> mirroring packets to a remote machine. The dst mac address needs a re-write
> so that it doesnt get dropped or confuse an interconnecting (learning) switch
> or dropped by a target machine (which looks at the dst mac).
>
> In the future common use cases on pedit can be migrated to this action
> (as an example different fields in ip v4/6, transports like tcp/udp/sctp
> etc). For this first cut, this allows modifying basic ethernet header.
>
> Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Lots of checkpatch errors on this. Please fix and resubmit series.
For example:
ERROR: spaces required around that '+=' (ctx:WxV)
#442: FILE: tc/m_skbmod.c:79:
+ ok +=1;
ERROR: code indent should use tabs where possible
#567: FILE: tc/m_skbmod.c:204:
+ SPRINT_BUF(b1);$
WARNING: please, no spaces at the start of a line
#567: FILE: tc/m_skbmod.c:204:
+ SPRINT_BUF(b1);$
ERROR: code indent should use tabs where possible
#568: FILE: tc/m_skbmod.c:205:
+ SPRINT_BUF(b2);$
WARNING: please, no spaces at the start of a line
#568: FILE: tc/m_skbmod.c:205:
+ SPRINT_BUF(b2);$
WARNING: braces {} are not necessary for single statement blocks
#610: FILE: tc/m_skbmod.c:247:
+ if (p->flags & SKBMOD_F_SWAPMAC) {
+ fprintf(f, "swap mac ");
+ }
ERROR: trailing whitespace
#816: FILE: man/man8/tc-skbmod.8:28:
+.IR CONTROL " := {" $
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2016-10-10 2:08 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-01 20:48 [PATCH iproute2 0/9] Cleanup backlog Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 1/9] ife action: allow specifying index in hex Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 2/9] ife: print prio, mark and hash as unsigned Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 3/9] ife: improve help text Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 4/9] actions ife: Introduce encoding and decoding of tcindex metadata Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 5/9] action gact: list pipe as a valid action Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 6/9] actions: add skbmod action Jamal Hadi Salim
2016-10-10 2:08 ` Stephen Hemminger
2016-10-01 20:48 ` [PATCH iproute2 7/9] man pages: update ife action to include tcindex Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 8/9] man pages: Add tc-ife to Makefile Jamal Hadi Salim
2016-10-01 20:48 ` [PATCH iproute2 9/9] man pages: add man page for skbmod action Jamal Hadi Salim
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).