[PATCH iproute2 0/9] Cleanup backlog

[PATCH iproute2 0/9] Cleanup backlog

[Jamal Hadi Salim]

From: Jamal Hadi Salim <jhs@mojatatu.com>

Variety of cleanup and new functionality I had sitting around on my
private tree

Craig Dillabaugh (1):
  action gact: list pipe as a valid action

Jamal Hadi Salim (3):
  actions ife: Introduce encoding and decoding of tcindex metadata
  actions:  add skbmod action
  man pages: Add tc-ife to Makefile

Lucas Bates (2):
  man pages: update ife action to include tcindex
  man pages: add man page for skbmod action

Roman Mashak (3):
  ife action: allow specifying index in hex
  ife: print prio, mark and hash as unsigned
  ife: improve help text

 include/linux/tc_act/tc_ife.h |   3 +-
 man/man8/Makefile             |   2 +-
 man/man8/tc-ife.8             |  29 ++++-
 man/man8/tc-skbmod.8          | 137 +++++++++++++++++++++
 tc/Makefile                   |   1 +
 tc/m_gact.c                   |   4 +-
 tc/m_ife.c                    |  38 ++++--
 tc/m_skbmod.c                 | 270 ++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 467 insertions(+), 17 deletions(-)
 create mode 100644 man/man8/tc-skbmod.8
 create mode 100644 tc/m_skbmod.c

-- 
1.9.1

[PATCH iproute2 1/9] ife action: allow specifying index in hex

[Jamal Hadi Salim]

From: Roman Mashak <mrv@mojatatu.com>

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 tc/m_ife.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tc/m_ife.c b/tc/m_ife.c
index 0219760..a5a7516 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -152,7 +152,7 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
 	if (argc) {
 		if (matches(*argv, "index") == 0) {
 			NEXT_ARG();
-			if (get_u32(&p.index, *argv, 10)) {
+			if (get_u32(&p.index, *argv, 0)) {
 				fprintf(stderr, "ife: Illegal \"index\"\n");
 				return -1;
 			}
-- 
1.9.1

[PATCH iproute2 2/9] ife: print prio, mark and hash as unsigned

[Jamal Hadi Salim]

From: Roman Mashak <mrv@mojatatu.com>

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 tc/m_ife.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tc/m_ife.c b/tc/m_ife.c
index a5a7516..588bad7 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -252,7 +252,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
 			len = RTA_PAYLOAD(metalist[IFE_META_SKBMARK]);
 			if (len) {
 				mmark = rta_getattr_u32(metalist[IFE_META_SKBMARK]);
-				fprintf(f, "use mark %d ", mmark);
+				fprintf(f, "use mark %u ", mmark);
 			} else
 				fprintf(f, "allow mark ");
 		}
@@ -261,7 +261,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
 			len = RTA_PAYLOAD(metalist[IFE_META_HASHID]);
 			if (len) {
 				mhash = rta_getattr_u32(metalist[IFE_META_HASHID]);
-				fprintf(f, "use hash %d ", mhash);
+				fprintf(f, "use hash %u ", mhash);
 			} else
 				fprintf(f, "allow hash ");
 		}
@@ -270,7 +270,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
 			len = RTA_PAYLOAD(metalist[IFE_META_PRIO]);
 			if (len) {
 				mprio = rta_getattr_u32(metalist[IFE_META_PRIO]);
-				fprintf(f, "use prio %d ", mprio);
+				fprintf(f, "use prio %u ", mprio);
 			} else
 				fprintf(f, "allow prio ");
 		}
-- 
1.9.1

[PATCH iproute2 3/9] ife: improve help text

[Jamal Hadi Salim]

From: Roman Mashak <mrv@mojatatu.com>

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 tc/m_ife.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tc/m_ife.c b/tc/m_ife.c
index 588bad7..862461b 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -29,12 +29,13 @@
 static void ife_explain(void)
 {
 	fprintf(stderr,
-		"Usage:... ife {decode|encode} {ALLOW|USE} [dst DMAC] [src SMAC] [type TYPE] [CONTROL] [index INDEX]\n");
+		"Usage:... ife {decode|encode} [{ALLOW|USE} ATTR] [dst DMAC] [src SMAC] [type TYPE] [CONTROL] [index INDEX]\n");
 	fprintf(stderr,
 		"\tALLOW := Encode direction. Allows encoding specified metadata\n"
 		"\t\t e.g \"allow mark\"\n"
 		"\tUSE := Encode direction. Enforce Static encoding of specified metadata\n"
 		"\t\t e.g \"use mark 0x12\"\n"
+		"\tATTR := mark (32-bit), prio (32-bit), tcindex (16-bit)\n"
 		"\tDMAC := 6 byte Destination MAC address to encode\n"
 		"\tSMAC := optional 6 byte Source MAC address to encode\n"
 		"\tTYPE := optional 16 bit ethertype to encode\n"
-- 
1.9.1

[PATCH iproute2 4/9] actions ife: Introduce encoding and decoding of tcindex metadata

[Jamal Hadi Salim]

From: Jamal Hadi Salim <jhs@mojatatu.com>

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 include/linux/tc_act/tc_ife.h |  3 ++-
 tc/m_ife.c                    | 29 +++++++++++++++++++++++------
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/include/linux/tc_act/tc_ife.h b/include/linux/tc_act/tc_ife.h
index 4ece02a..cd18360 100644
--- a/include/linux/tc_act/tc_ife.h
+++ b/include/linux/tc_act/tc_ife.h
@@ -32,8 +32,9 @@ enum {
 #define IFE_META_HASHID 2
 #define	IFE_META_PRIO 3
 #define	IFE_META_QMAP 4
+#define	IFE_META_TCINDEX 5
 /*Can be overridden at runtime by module option*/
-#define	__IFE_META_MAX 5
+#define	__IFE_META_MAX 6
 #define IFE_META_MAX (__IFE_META_MAX - 1)
 
 #endif
diff --git a/tc/m_ife.c b/tc/m_ife.c
index 862461b..e6f6153 100644
--- a/tc/m_ife.c
+++ b/tc/m_ife.c
@@ -67,6 +67,8 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
 	__u32 ife_prio_v = 0;
 	__u32 ife_mark = 0;
 	__u32 ife_mark_v = 0;
+	__u16 ife_tcindex = 0;
+	__u16 ife_tcindex_v = 0;
 	char *daddr = NULL;
 	char *saddr = NULL;
 
@@ -89,6 +91,8 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
 				ife_mark = IFE_META_SKBMARK;
 			} else if (matches(*argv, "prio") == 0) {
 				ife_prio = IFE_META_PRIO;
+			} else if (matches(*argv, "tcindex") == 0) {
+				ife_prio = IFE_META_TCINDEX;
 			} else {
 				fprintf(stderr, "Illegal meta define <%s>\n",
 					*argv);
@@ -106,6 +110,11 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
 				if (get_u32(&ife_prio_v, *argv, 0))
 					invarg("ife prio val is invalid",
 					       *argv);
+			} else if (matches(*argv, "tcindex") == 0) {
+				NEXT_ARG();
+				if (get_u16(&ife_tcindex_v, *argv, 0))
+					invarg("ife tcindex val is invalid",
+					       *argv);
 			} else {
 				fprintf(stderr, "Illegal meta use type <%s>\n",
 					*argv);
@@ -196,6 +205,13 @@ static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
 		else
 			addattr_l(n, MAX_MSG, IFE_META_PRIO, NULL, 0);
 	}
+	if (ife_tcindex || ife_tcindex_v) {
+		if (ife_tcindex_v)
+			addattr_l(n, MAX_MSG, IFE_META_TCINDEX, &ife_tcindex_v,
+				  2);
+		else
+			addattr_l(n, MAX_MSG, IFE_META_TCINDEX, NULL, 0);
+	}
 
 	tail2->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail2;
 
@@ -213,7 +229,7 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
 	struct rtattr *tb[TCA_IFE_MAX + 1];
 	__u16 ife_type = 0;
 	__u32 mmark = 0;
-	__u32 mhash = 0;
+	__u16 mtcindex = 0;
 	__u32 mprio = 0;
 	int has_optional = 0;
 	SPRINT_BUF(b2);
@@ -258,13 +274,14 @@ static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
 				fprintf(f, "allow mark ");
 		}
 
-		if (metalist[IFE_META_HASHID]) {
-			len = RTA_PAYLOAD(metalist[IFE_META_HASHID]);
+		if (metalist[IFE_META_TCINDEX]) {
+			len = RTA_PAYLOAD(metalist[IFE_META_TCINDEX]);
 			if (len) {
-				mhash = rta_getattr_u32(metalist[IFE_META_HASHID]);
-				fprintf(f, "use hash %u ", mhash);
+				mtcindex =
+					rta_getattr_u16(metalist[IFE_META_TCINDEX]);
+				fprintf(f, "use tcindex %d ", mtcindex);
 			} else
-				fprintf(f, "allow hash ");
+				fprintf(f, "allow tcindex ");
 		}
 
 		if (metalist[IFE_META_PRIO]) {
-- 
1.9.1

[PATCH iproute2 5/9] action gact: list pipe as a valid action

[Jamal Hadi Salim]

From: Craig Dillabaugh <cdillaba@mojatatu.com>

Signed-off-by: Craig Dillabaugh <cdillaba@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 tc/m_gact.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tc/m_gact.c b/tc/m_gact.c
index 2bfd9a7..dc04b9f 100644
--- a/tc/m_gact.c
+++ b/tc/m_gact.c
@@ -45,7 +45,7 @@ explain(void)
 #ifdef CONFIG_GACT_PROB
 	fprintf(stderr, "Usage: ... gact <ACTION> [RAND] [INDEX]\n");
 	fprintf(stderr,
-		"Where: \tACTION := reclassify | drop | continue | pass\n"
+		"Where: \tACTION := reclassify | drop | continue | pass | pipe\n"
 			"\tRAND := random <RANDTYPE> <ACTION> <VAL>\n"
 			"\tRANDTYPE := netrand | determ\n"
 			"\tVAL : = value not exceeding 10000\n"
@@ -54,7 +54,7 @@ explain(void)
 #else
 	fprintf(stderr, "Usage: ... gact <ACTION> [INDEX]\n");
 	fprintf(stderr,
-		"Where: \tACTION := reclassify | drop | continue | pass\n"
+		"Where: \tACTION := reclassify | drop | continue | pass | pipe\n"
 		"\tINDEX := index value used\n"
 		"\n");
 #endif
-- 
1.9.1

[PATCH iproute2 6/9] actions: add skbmod action

[Jamal Hadi Salim]

From: Jamal Hadi Salim <jhs@mojatatu.com>

This action is intended to be an upgrade from a usability perspective
from pedit (as well as operational debugability).
Compare this:

sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action pedit munge offset -14 u8 set 0x02 \
    munge offset -13 u8 set 0x15 \
    munge offset -12 u8 set 0x15 \
    munge offset -11 u8 set 0x15 \
    munge offset -10 u16 set 0x1515 \
    pipe

to:

sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
u32 match ip protocol 1 0xff flowid 1:2 \
action skbmod dmac 02:15:15:15:15:15

Or worse, try to debug a policy with destination mac, source mac and
etherype. Then make that a hundred rules and you'll get my point.

The most important ethernet use case at the moment is when redirecting or
mirroring packets to a remote machine. The dst mac address needs a re-write
so that it doesnt get dropped or confuse an interconnecting (learning) switch
or dropped by a target machine (which looks at the dst mac).

In the future common use cases on pedit can be migrated to this action
(as an example different fields in ip v4/6, transports like tcp/udp/sctp
etc). For this first cut, this allows modifying basic ethernet header.

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 tc/Makefile   |   1 +
 tc/m_skbmod.c | 270 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 271 insertions(+)
 create mode 100644 tc/m_skbmod.c

diff --git a/tc/Makefile b/tc/Makefile
index 8917eaf..e2f340c 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -45,6 +45,7 @@ TCMODULES += m_nat.o
 TCMODULES += m_pedit.o
 TCMODULES += m_ife.o
 TCMODULES += m_skbedit.o
+TCMODULES += m_skbmod.o
 TCMODULES += m_csum.o
 TCMODULES += m_simple.o
 TCMODULES += m_vlan.o
diff --git a/tc/m_skbmod.c b/tc/m_skbmod.c
new file mode 100644
index 0000000..38c83a2
--- /dev/null
+++ b/tc/m_skbmod.c
@@ -0,0 +1,270 @@
+/*
+ * m_skbmod.c	skb modifier action module
+ *
+ *		This program is free software; you can distribute it and/or
+ *		modify it under the terms of the GNU General Public License
+ *		as published by the Free Software Foundation; either version
+ *		2 of the License, or (at your option) any later version.
+ *
+ * Authors:  J Hadi Salim (jhs@mojatatu.com)
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <linux/netdevice.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "tc_util.h"
+#include <linux/tc_act/tc_skbmod.h>
+
+static void skbmod_explain(void)
+{
+	fprintf(stderr,
+		"Usage:... skbmod {[set <SETTABLE>] [swap <SWAPABLE>]} [CONTROL] [index INDEX]\n");
+	fprintf(stderr, "where SETTABLE is: [dmac DMAC] [smac SMAC] [etype ETYPE] \n");
+	fprintf(stderr, "where SWAPABLE is: \"mac\" to swap mac addresses\n");
+	fprintf(stderr, "note: \"swap mac\" is done after any outstanding D/SMAC change\n");
+	fprintf(stderr,
+		"\tDMAC := 6 byte Destination MAC address\n"
+		"\tSMAC := optional 6 byte Source MAC address\n"
+		"\tETYPE := optional 16 bit ethertype\n"
+		"\tCONTROL := reclassify|pipe|drop|continue|ok\n"
+		"\tINDEX := skbmod index value to use\n");
+}
+
+static void skbmod_usage(void)
+{
+	skbmod_explain();
+	exit(-1);
+}
+
+static int parse_skbmod(struct action_util *a, int *argc_p, char ***argv_p,
+			int tca_id, struct nlmsghdr *n)
+{
+	int argc = *argc_p;
+	char **argv = *argv_p;
+	int ok = 0;
+	struct tc_skbmod p;
+	struct rtattr *tail;
+	char dbuf[ETH_ALEN];
+	char sbuf[ETH_ALEN];
+	__u16 skbmod_etype = 0;
+	char *daddr = NULL;
+	char *saddr = NULL;
+
+	memset(&p, 0, sizeof(p));
+	p.action = TC_ACT_PIPE;	/* good default */
+
+	if (argc <= 0)
+		return -1;
+
+	while (argc > 0) {
+		if (matches(*argv, "skbmod") == 0) {
+			NEXT_ARG();
+			continue;
+		} else if (matches(*argv, "swap") == 0) {
+			NEXT_ARG();
+			continue;
+		} else if (matches(*argv, "mac") == 0) {
+			p.flags |= SKBMOD_F_SWAPMAC;
+			ok +=1;
+		} else if (matches(*argv, "set") == 0) {
+			NEXT_ARG();
+			continue;
+		} else if (matches(*argv, "etype") == 0) {
+			NEXT_ARG();
+			if (get_u16(&skbmod_etype, *argv, 0))
+				invarg("ethertype is invalid", *argv);
+			fprintf(stderr, "skbmod etype 0x%x\n", skbmod_etype);
+			p.flags |= SKBMOD_F_ETYPE;
+			ok +=1;
+		} else if (matches(*argv, "dmac") == 0) {
+			NEXT_ARG();
+			daddr = *argv;
+			if (sscanf(daddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+				   dbuf, dbuf + 1, dbuf + 2,
+				   dbuf + 3, dbuf + 4, dbuf + 5) != 6) {
+				fprintf(stderr, "Invalid dst mac address %s\n",
+					daddr);
+				return -1;
+			}
+			p.flags |= SKBMOD_F_DMAC;
+			fprintf(stderr, "dst MAC address <%s>\n", daddr);
+			ok +=1;
+
+		} else if (matches(*argv, "smac") == 0) {
+			NEXT_ARG();
+			saddr = *argv;
+			if (sscanf(saddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+				   sbuf, sbuf + 1, sbuf + 2,
+				   sbuf + 3, sbuf + 4, sbuf + 5) != 6) {
+				fprintf(stderr, "Invalid smac address %s\n",
+					saddr);
+				return -1;
+			}
+			p.flags |= SKBMOD_F_SMAC;
+			fprintf(stderr, "src MAC address <%s>\n", saddr);
+			ok +=1;
+		} else if (matches(*argv, "help") == 0) {
+			skbmod_usage();
+		} else {
+			break;
+		}
+
+		argc--;
+		argv++;
+	}
+
+#if 0
+	if (p.flags & SKBMOD_F_SWAPMAC) {
+		if ((p.flags & SKBMOD_F_DMAC) || (p.flags & SKBMOD_F_SMAC)) {
+			fprintf(stderr, "Not allowed to mix S/MAC and swapping\n");
+			skbmod_usage();
+		}
+	}
+#endif
+
+	if (argc) {
+		if (matches(*argv, "reclassify") == 0) {
+			p.action = TC_ACT_RECLASSIFY;
+			argc--;
+			argv++;
+		} else if (matches(*argv, "pipe") == 0) {
+			p.action = TC_ACT_PIPE;
+			argc--;
+			argv++;
+		} else if (matches(*argv, "drop") == 0 ||
+			   matches(*argv, "shot") == 0) {
+			p.action = TC_ACT_SHOT;
+			argc--;
+			argv++;
+		} else if (matches(*argv, "continue") == 0) {
+			p.action = TC_ACT_UNSPEC;
+			argc--;
+			argv++;
+		} else if (matches(*argv, "pass") == 0 ||
+			   matches(*argv, "ok") == 0) {
+			p.action = TC_ACT_OK;
+			argc--;
+			argv++;
+		}
+	}
+
+	if (argc) {
+		if (matches(*argv, "index") == 0) {
+			NEXT_ARG();
+			if (get_u32(&p.index, *argv, 0)) {
+				fprintf(stderr, "skbmod: Illegal \"index\"\n");
+				return -1;
+			}
+			ok++;
+			argc--;
+			argv++;
+		}
+	}
+
+	if (!ok) {
+		fprintf(stderr, "skbmod requires at least one option\n");
+		skbmod_usage();
+	}
+
+	tail = NLMSG_TAIL(n);
+	addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+	addattr_l(n, MAX_MSG, TCA_SKBMOD_PARMS, &p, sizeof(p));
+
+	if (daddr)
+		addattr_l(n, MAX_MSG, TCA_SKBMOD_DMAC, dbuf, ETH_ALEN);
+	if (skbmod_etype)
+		addattr16(n, MAX_MSG, TCA_SKBMOD_ETYPE, skbmod_etype);
+	if (saddr)
+		addattr_l(n, MAX_MSG, TCA_SKBMOD_SMAC, sbuf, ETH_ALEN);
+
+	tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
+
+	*argc_p = argc;
+	*argv_p = argv;
+	return 0;
+}
+
+static int print_skbmod(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+	struct tc_skbmod *p = NULL;
+	struct rtattr *tb[TCA_SKBMOD_MAX + 1];
+	__u16 skbmod_etype = 0;
+	int has_optional = 0;
+        SPRINT_BUF(b1);
+        SPRINT_BUF(b2);
+
+	if (arg == NULL)
+		return -1;
+
+	parse_rtattr_nested(tb, TCA_SKBMOD_MAX, arg);
+
+	if (tb[TCA_SKBMOD_PARMS] == NULL) {
+		fprintf(f, "[NULL skbmod parameters]");
+		return -1;
+	}
+
+	p = RTA_DATA(tb[TCA_SKBMOD_PARMS]);
+
+	fprintf(f, "skbmod action %s ", action_n2a(p->action));
+
+	if (tb[TCA_SKBMOD_ETYPE]) {
+		skbmod_etype = rta_getattr_u16(tb[TCA_SKBMOD_ETYPE]);
+		has_optional = 1;
+		fprintf(f, "set etype 0x%X ", skbmod_etype);
+	}
+
+	if (has_optional)
+		fprintf(f, "\n\t ");
+
+	if (tb[TCA_SKBMOD_DMAC]) {
+		has_optional = 1;
+		fprintf(f, "set dmac %s ",
+			ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_DMAC]),
+				    RTA_PAYLOAD(tb[TCA_SKBMOD_DMAC]), 0, b1,
+				    sizeof(b1)));
+
+	}
+
+	if (tb[TCA_SKBMOD_SMAC]) {
+		has_optional = 1;
+		fprintf(f, "set smac %s ",
+			ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_SMAC]),
+				    RTA_PAYLOAD(tb[TCA_SKBMOD_SMAC]), 0, b2,
+				    sizeof(b2)));
+	}
+
+	if (p->flags & SKBMOD_F_SWAPMAC) {
+		fprintf(f, "swap mac ");
+	}
+
+	fprintf(f, "\n\t index %d ref %d bind %d", p->index, p->refcnt,
+		p->bindcnt);
+	if (show_stats) {
+		if (tb[TCA_SKBMOD_TM]) {
+			struct tcf_t *tm = RTA_DATA(tb[TCA_SKBMOD_TM]);
+
+			print_tm(f, tm);
+		}
+	}
+
+	fprintf(f, "\n");
+
+	return 0;
+}
+
+struct action_util skbmod_action_util = {
+	.id = "skbmod",
+	.parse_aopt = parse_skbmod,
+	.print_aopt = print_skbmod,
+};
-- 
1.9.1

[PATCH iproute2 7/9] man pages: update ife action to include tcindex

[Jamal Hadi Salim]

From: Lucas Bates <lucasb@mojatatu.com>

Signed-off-by: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 man/man8/tc-ife.8 | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/man/man8/tc-ife.8 b/man/man8/tc-ife.8
index 7b3601e..aaf0f97 100644
--- a/man/man8/tc-ife.8
+++ b/man/man8/tc-ife.8
@@ -5,8 +5,8 @@ IFE - encapsulate/decapsulate metadata
 .SH SYNOPSIS
 .in +8
 .ti -8
-.BR tc " ... " action ife"
-.I DIRECTION ACTION
+.BR tc " ... " " action ife"
+.IR DIRECTION " [ " ACTION " ] "
 .RB "[ " dst
 .IR DMAC " ] "
 .RB "[ " src
@@ -24,7 +24,13 @@ IFE - encapsulate/decapsulate metadata
 
 .ti -8
 .IR ACTION " := { "
-.BR allow " | " use " }"
+.BI allow " ATTR"
+.RB "| " use
+.IR "ATTR value" " }"
+
+.ti -8
+.IR ATTR " := { "
+.BR mark " | " prio " | " tcindex " }"
 
 .ti -8
 .IR CONTROL " := { "
@@ -50,6 +56,23 @@ Encode direction only. Allows encoding specified metadata.
 .B use
 Encode direction only. Enforce static encoding of specified metadata.
 .TP
+.BR mark " [ "
+.IR u32_value " ]"
+The value to set for the skb mark. The u32 value is required only when
+.BR use " is specified."
+.TP
+.BR prio " [ "
+.IR u32_value " ]"
+The value to set for priority in the skb structure. The u32 value is required
+only when
+.BR use " is specified."
+.TP
+.BR tcindex " ["
+.IR u16_value " ]"
+Value to set for the traffic control index in the skb structure. The u16 value
+is required only when
+.BR use " is specified."
+.TP
 .BI dmac " DMAC"
 .TQ
 .BI smac " SMAC"
-- 
1.9.1

[PATCH iproute2 8/9] man pages: Add tc-ife to Makefile

[Jamal Hadi Salim]

From: Jamal Hadi Salim <jhs@mojatatu.com>

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 man/man8/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man/man8/Makefile b/man/man8/Makefile
index 9213769..4ad96ce 100644
--- a/man/man8/Makefile
+++ b/man/man8/Makefile
@@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.
 	tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
 	tc-tcindex.8 tc-u32.8 tc-matchall.8 \
 	tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \
-	tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 \
+	tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8  tc-ife.8 \
 	devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8
 
 all: $(TARGETS)
-- 
1.9.1

[PATCH iproute2 9/9] man pages: add man page for skbmod action

[Jamal Hadi Salim]

From: Lucas Bates <lucasb@mojatatu.com>

Signed-off-by: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 man/man8/Makefile    |   2 +-
 man/man8/tc-skbmod.8 | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 man/man8/tc-skbmod.8

diff --git a/man/man8/Makefile b/man/man8/Makefile
index 4ad96ce..de6f249 100644
--- a/man/man8/Makefile
+++ b/man/man8/Makefile
@@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.
 	tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
 	tc-tcindex.8 tc-u32.8 tc-matchall.8 \
 	tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \
-	tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8  tc-ife.8 \
+	tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8  tc-ife.8 tc-skbmod.8 \
 	devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8
 
 all: $(TARGETS)
diff --git a/man/man8/tc-skbmod.8 b/man/man8/tc-skbmod.8
new file mode 100644
index 0000000..6efe9b6
--- /dev/null
+++ b/man/man8/tc-skbmod.8
@@ -0,0 +1,137 @@
+.TH "skbmod action in tc" 8 "21 Sep 2016" "iproute2" "Linux"
+
+.SH NAME
+skbmod - user-friendly packet editor action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action skbmod " "{ [ " "set "
+.IR SETTABLE " ] [ "
+.BI swap " SWAPPABLE"
+.RI " ] [ " CONTROL " ] [ "
+.BI index " INDEX "
+] }
+
+.ti -8
+.IR SETTABLE " := "
+.RB " [ " dmac
+.IR DMAC " ] "
+.RB " [ " smac
+.IR SMAC " ] "
+.RB " [ " etype
+.IR ETYPE " ] "
+
+.ti -8
+.IR SWAPPABLE " := "
+.B mac
+.ti -8                                                                          
+.IR CONTROL " := {"                                                             
+.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }"
+.SH DESCRIPTION
+The
+.B skbmod
+action is intended as a usability upgrade to the existing
+.B pedit
+action. Instead of having to manually edit 8-, 16-, or 32-bit chunks of an
+ethernet header, 
+.B skbmod
+allows complete substitution of supported elements.
+.SH OPTIONS
+.TP
+.BI dmac " DMAC"
+Change the destination mac to the specified address.
+.TP
+.BI smac " SMAC"
+Change the source mac to the specified address.
+.TP
+.BI etype " ETYPE"
+Change the ethertype to the specified value.
+.TP
+.BI mac
+Used to swap mac addresses. The 
+.B swap mac
+directive is performed
+after any outstanding D/SMAC changes.
+.TP                                                                             
+.I CONTROL                                                                      
+The following keywords allow to control how the tree of qdisc, classes,         
+filters and actions is further traversed after this action.                     
+.RS                                                                             
+.TP                                                                             
+.B reclassify                                                                   
+Restart with the first filter in the current list.                              
+.TP                                                                             
+.B pipe                                                                         
+Continue with the next action attached to the same filter.                      
+.TP                                                                             
+.B drop                                                                         
+.TQ                                                                             
+.B shot                                                                         
+Drop the packet.                                                                
+.TP                                                                             
+.B continue                                                                     
+Continue classification with the next filter in line.                           
+.TP
+.B pass                                                                         
+Finish classification process and return to calling qdisc for further packet    
+processing. This is the default.
+.SH EXAMPLES
+To start, observe the following filter with a pedit action:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+	u32 match ip protocol 1 0xff flowid 1:2 \\
+	action pedit munge offset -14 u8 set 0x02 \\
+	munge offset -13 u8 set 0x15 \\
+	munge offset -12 u8 set 0x15 \\
+	munge offset -11 u8 set 0x15 \\
+	munge offset -10 u16 set 0x1515 \\
+	pipe
+.EE
+.RE
+
+Using the skbmod action, this command can be simplified to:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+	u32 match ip protocol 1 0xff flowid 1:2 \\
+	action skbmod set dmac 02:15:15:15:15:15 \\
+	pipe
+.EE
+.RE
+
+Complexity will increase if source mac and ethertype are also being edited
+as part of the action. If all three fields are to be changed with skbmod:
+
+.RS
+.EX
+tc filter add dev eth5 parent 1: protocol ip prio 10 \\
+	u32 match ip protocol 1 0xff flowid 1:2 \\
+	action skbmod \\
+	set etype 0xBEEF \\
+	set dmac 02:12:13:14:15:16 \\
+	set smac 02:22:23:24:25:26
+.EE
+.RE
+
+Finally, swap the destination and source mac addresses in the header:
+
+.RS
+.EX
+tc filter add dev eth3 parent 1: protocol ip prio 10 \\
+	u32 match ip protocol 1 0xff flowid 1:2 \\
+	action skbmod \\
+	swap mac
+.EE
+.RE
+
+As mentioned above, the swap action will occur after any
+.B " smac/dmac "
+substitutions are executed, if they are present.
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8),
+.BR tc-pedit (8)
-- 
1.9.1

Re: [PATCH iproute2 6/9] actions: add skbmod action

[Stephen Hemminger]

On Sat,  1 Oct 2016 16:48:34 -0400
Jamal Hadi Salim <jhs@mojatatu.com> wrote:

> From: Jamal Hadi Salim <jhs@mojatatu.com>
> 
> This action is intended to be an upgrade from a usability perspective
> from pedit (as well as operational debugability).
> Compare this:
> 
> sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
> u32 match ip protocol 1 0xff flowid 1:2 \
> action pedit munge offset -14 u8 set 0x02 \
>     munge offset -13 u8 set 0x15 \
>     munge offset -12 u8 set 0x15 \
>     munge offset -11 u8 set 0x15 \
>     munge offset -10 u16 set 0x1515 \
>     pipe
> 
> to:
> 
> sudo tc filter add dev $ETH parent 1: protocol ip prio 10 \
> u32 match ip protocol 1 0xff flowid 1:2 \
> action skbmod dmac 02:15:15:15:15:15
> 
> Or worse, try to debug a policy with destination mac, source mac and
> etherype. Then make that a hundred rules and you'll get my point.
> 
> The most important ethernet use case at the moment is when redirecting or
> mirroring packets to a remote machine. The dst mac address needs a re-write
> so that it doesnt get dropped or confuse an interconnecting (learning) switch
> or dropped by a target machine (which looks at the dst mac).
> 
> In the future common use cases on pedit can be migrated to this action
> (as an example different fields in ip v4/6, transports like tcp/udp/sctp
> etc). For this first cut, this allows modifying basic ethernet header.
> 
> Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>

Lots of checkpatch errors on this. Please fix and resubmit series.
For example:

ERROR: spaces required around that '+=' (ctx:WxV)
#442: FILE: tc/m_skbmod.c:79:
+			ok +=1;


ERROR: code indent should use tabs where possible
#567: FILE: tc/m_skbmod.c:204:
+        SPRINT_BUF(b1);$

WARNING: please, no spaces at the start of a line
#567: FILE: tc/m_skbmod.c:204:
+        SPRINT_BUF(b1);$

ERROR: code indent should use tabs where possible
#568: FILE: tc/m_skbmod.c:205:
+        SPRINT_BUF(b2);$

WARNING: please, no spaces at the start of a line
#568: FILE: tc/m_skbmod.c:205:
+        SPRINT_BUF(b2);$

WARNING: braces {} are not necessary for single statement blocks
#610: FILE: tc/m_skbmod.c:247:
+	if (p->flags & SKBMOD_F_SWAPMAC) {
+		fprintf(f, "swap mac ");
+	}


ERROR: trailing whitespace
#816: FILE: man/man8/tc-skbmod.8:28:
+.IR CONTROL " := {"                                                             $