From patchwork Mon Aug 30 08:08:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Boris Sukholitko X-Patchwork-Id: 504588 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,MIME_NO_TEXT, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AFDE2C432BE for ; Mon, 30 Aug 2021 08:09:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8B6EB60FED for ; Mon, 30 Aug 2021 08:09:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234574AbhH3IKH (ORCPT ); Mon, 30 Aug 2021 04:10:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234166AbhH3IKG (ORCPT ); Mon, 30 Aug 2021 04:10:06 -0400 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC671C061575 for ; Mon, 30 Aug 2021 01:09:12 -0700 (PDT) Received: by mail-pg1-x531.google.com with SMTP id q68so12612202pga.9 for ; Mon, 30 Aug 2021 01:09:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:mime-version; bh=x2tN/h5+mJI2LGzTVLuuL5eUheia6qyastuCgNr3a38=; b=WwSDzwHrnWmvogvMeffxtfRQh6w9xE2kxdechljRHfyzhZTe0vi5pb1UaI9DYIcejg tMlpHAciY8riwpbHp2+YQjiI7zKQHHO1/NKvuqJjdcPxDMhcKffSJkd0WaUwNO+8r+fq KXUbzUw7DN2k/w0JiLABhAobv4U+CsjE3yvzA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version; bh=x2tN/h5+mJI2LGzTVLuuL5eUheia6qyastuCgNr3a38=; b=tnrOsNxqCYDg8a3dnjnEbiZSwBuN+SY7pqQx07VtAhl+ghgcXckiOyp+Wx3cDtmXuF cN8dtk3FwSnOQ2b66nO0+1pIQRK1KUKAC21k8/LJ7TS2vYGKj3x/QumzIyLf2UK4JqVR VnLcqvxW/yG7fVwtvTxYMmsEjlNbg4nDnNOX5uU6XrXTlr23jrL1kpahO3CzSAMItYCN 6FYFRCGqX1UKP9P0ROo5Z3oqyPLC+96Oh5upuPYBmGwvPA9CS8U2c52FuP2jP8of4Prs gg1qNd20d6ROQD7oWKimC+BWlFukC6M1nyznsQ3D8iMIss2mvc5fsT3Ws7O/5y6+3pPj 3gQA== X-Gm-Message-State: AOAM530xbK/Y53J5fI28VEWEpKh6t+9eCKFgoY1/09ukwkcV8xqhXcm9 XL+YVnNakqdpEc3luNOA9PWs4jjroPQHgECaNnby+pPpHrgIT+CR7SdchnmCbkFA4tA/vBXLUah Avo5yhPUDJMnQ3qZizfDxuW8RXsRJDupE5nndVqlJiLU9NL6aD/QBZxzZ0MDEp/nuIX/JaVUSyA CQj77BqNI= X-Google-Smtp-Source: ABdhPJwmfiqp5PqwoxQUtkbMqOGaT7DRFG9XOg6DZzibc4JjceXCMzNI7CPsDdnufpukT95exqwzQQ== X-Received: by 2002:a63:4b60:: with SMTP id k32mr20683813pgl.198.1630310951917; Mon, 30 Aug 2021 01:09:11 -0700 (PDT) Received: from localhost.localdomain ([192.19.250.250]) by smtp.gmail.com with ESMTPSA id t15sm16178349pgi.80.2021.08.30.01.09.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Aug 2021 01:09:11 -0700 (PDT) From: Boris Sukholitko To: netdev@vger.kernel.org Cc: Ilya Lifshits , Boris Sukholitko Subject: [PATCH iproute2-next] flower: add orig_ethtype key Date: Mon, 30 Aug 2021 11:08:49 +0300 Message-Id: <20210830080849.18695-1-boris.sukholitko@broadcom.com> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The following flower filter fails to match packets: tc filter add dev eth0 ingress protocol 0x8864 flower \ action simple sdata hi64 The following is explanation of the issue on the kernel side. The protocol 0x8864 (ETH_P_PPP_SES) is a tunnel protocol. As such, it is being dissected by __skb_flow_dissect and it's internal protocol is being set as key->basic.n_proto. IOW, the existence of ETH_P_PPP_SES tunnel is transparent to the callers of __skb_flow_dissect. OTOH, in the filters above, cls_flower configures its key->basic.n_proto to the ETH_P_PPP_SES value configured by the user. Matching on this key fails because of __skb_flow_dissect "transparency" mentioned above. Therefore there is no way currently to match on such packets using flower. To fix the issue add new orig_ethtype key to the flower along with the necessary changes to the flow dissector etc. To filter the ETH_P_PPP_SES packets the command becomes: tc filter add dev eth0 ingress flower orig_ethtype 0x8864 \ action simple sdata hi64 Corresponding kernel patch was sent separately. Signed-off-by: Boris Sukholitko --- include/uapi/linux/pkt_cls.h | 1 + tc/f_flower.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h index 025c40fe..238dee49 100644 --- a/include/uapi/linux/pkt_cls.h +++ b/include/uapi/linux/pkt_cls.h @@ -583,6 +583,7 @@ enum { TCA_FLOWER_KEY_HASH, /* u32 */ TCA_FLOWER_KEY_HASH_MASK, /* u32 */ + TCA_FLOWER_KEY_ORIG_ETH_TYPE, /* be16 */ __TCA_FLOWER_MAX, }; diff --git a/tc/f_flower.c b/tc/f_flower.c index c5af0276..935d0cbd 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -1431,6 +1431,13 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, if (check_ifname(*argv)) invarg("\"indev\" not a valid ifname", *argv); addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv); + } else if (matches(*argv, "orig_ethtype") == 0) { + __be16 orig_ethtype; + + NEXT_ARG(); + if (ll_proto_a2n(&orig_ethtype, *argv)) + invarg("invalid orig_ethtype", *argv); + addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ORIG_ETH_TYPE, orig_ethtype); } else if (matches(*argv, "vlan_id") == 0) { __u16 vid; @@ -2582,6 +2589,16 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, rta_getattr_str(attr)); } + if (tb[TCA_FLOWER_KEY_ORIG_ETH_TYPE]) { + SPRINT_BUF(buf); + struct rtattr *attr = tb[TCA_FLOWER_KEY_ORIG_ETH_TYPE]; + + print_nl(); + print_string(PRINT_ANY, "orig_ethtype", " orig_ethtype %s", + ll_proto_n2a(rta_getattr_u16(attr), + buf, sizeof(buf))); + } + open_json_object("keys"); if (tb[TCA_FLOWER_KEY_VLAN_ID]) {