diff mbox series

[net-next,v2,5/5] net/sched: flower: Consider the number of tags for vlan filters

Message ID 20220412100236.27244-6-boris.sukholitko@broadcom.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series net/sched: flower: match on the number of vlan tags | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 1 maintainers not CCed: pabeni@redhat.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch warning WARNING: line length of 81 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Boris Sukholitko April 12, 2022, 10:02 a.m. UTC 
Currently the existence of vlan filters is conditional on the vlan
protocol being matched in the tc rule. I.e. the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

is illegal because we lack protocol 802.1q in the rule.

Having the num_of_vlans filter configured removes this restriction. The
following rule becomes ok:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because we know that the packet is single tagged.

We achieve the above by having is_vlan_key helper look at the number of
vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
vlan_prio) require the number of vlan tags be greater than 0. Inner
filters (e.g. cvlan_prio) require the number of vlan tags be greater
than 1.

Number of vlans filter may cause ethertype to be set to 0. Check this in
fl_set_key_vlan.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 net/sched/cls_flower.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

Comments

Jiri Pirko April 12, 2022, 11:09 a.m. UTC | #1 
Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>Currently the existence of vlan filters is conditional on the vlan
>protocol being matched in the tc rule. I.e. the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>is illegal because we lack protocol 802.1q in the rule.
>
>Having the num_of_vlans filter configured removes this restriction. The
>following rule becomes ok:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because we know that the packet is single tagged.
>
>We achieve the above by having is_vlan_key helper look at the number of

Sorry to be a nitpicker, but who's "we"? When I read the patch
description, I need to understand clearly what the patch is doing, which
is not this case. You suppose to command the codebase what to do.
I fail to see that :/


>vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
>vlan_prio) require the number of vlan tags be greater than 0. Inner
>filters (e.g. cvlan_prio) require the number of vlan tags be greater
>than 1.
>
>Number of vlans filter may cause ethertype to be set to 0. Check this in
>fl_set_key_vlan.
>
Boris Sukholitko April 12, 2022, 11:40 a.m. UTC | #2 
On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >Currently the existence of vlan filters is conditional on the vlan
> >protocol being matched in the tc rule. I.e. the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >is illegal because we lack protocol 802.1q in the rule.
> >
> >Having the num_of_vlans filter configured removes this restriction. The
> >following rule becomes ok:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because we know that the packet is single tagged.
> >
> >We achieve the above by having is_vlan_key helper look at the number of
> 
> Sorry to be a nitpicker, but who's "we"? When I read the patch
> description, I need to understand clearly what the patch is doing, which
> is not this case. You suppose to command the codebase what to do.
> I fail to see that :/
> 
> 

What do you think of the following description? The description consists
of two parts: the first provides motivation for the patch, the second is
the way the motivation is implemented. I've judiciously edited out the
"we"-word. :)

<description>

Currently the existence of vlan filters is conditional on the vlan
protocol being matched in the tc rule. I.e. the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Having the num_of_vlans filter configured removes this restriction. The
following rule becomes ok:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

To make the above possible, is_vlan_key helper is changed to look at the
number of vlans in addition to the vlan ethertype.

Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
vlan tags be greater than 1.

Number of vlans filter may cause ethertype to be set to 0.
fl_set_key_vlan is changed to accomodate this.

</description>

Thanks,
Boris.

> >vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
> >vlan_prio) require the number of vlan tags be greater than 0. Inner
> >filters (e.g. cvlan_prio) require the number of vlan tags be greater
> >than 1.
> >
> >Number of vlans filter may cause ethertype to be set to 0. Check this in
> >fl_set_key_vlan.
> >
Jiri Pirko April 12, 2022, 12:12 p.m. UTC | #3 
Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >Currently the existence of vlan filters is conditional on the vlan
>> >protocol being matched in the tc rule. I.e. the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >is illegal because we lack protocol 802.1q in the rule.
>> >
>> >Having the num_of_vlans filter configured removes this restriction. The
>> >following rule becomes ok:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >
>> >because we know that the packet is single tagged.
>> >
>> >We achieve the above by having is_vlan_key helper look at the number of
>> 
>> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> description, I need to understand clearly what the patch is doing, which
>> is not this case. You suppose to command the codebase what to do.
>> I fail to see that :/
>> 
>> 
>
>What do you think of the following description? The description consists
>of two parts: the first provides motivation for the patch, the second is
>the way the motivation is implemented. I've judiciously edited out the
>"we"-word. :)
>
><description>
>
>Currently the existence of vlan filters is conditional on the vlan
>protocol being matched in the tc rule. I.e. the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>Having the num_of_vlans filter configured removes this restriction. The
>following rule becomes ok:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

So this is what this patch allows? You are talking about it as it is
already possible with the code before this patch being applied.


>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>To make the above possible, is_vlan_key helper is changed to look at the
>number of vlans in addition to the vlan ethertype.

What "is changed"? You should tell the codebase what to do, what toadd,
remove or change. If you did that, it would be very clear to the reader
what the patch is supposed to do.


>
>Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>vlan tags be greater than 1.

Again, unclear what this describes, if the current code before the patch
or the state after this patch.


>
>Number of vlans filter may cause ethertype to be set to 0.
>fl_set_key_vlan is changed to accomodate this.
>
></description>
>
>Thanks,
>Boris.
>
>> >vlans in addition to the vlan ethertype. Outer tag vlan filters (e.g.
>> >vlan_prio) require the number of vlan tags be greater than 0. Inner
>> >filters (e.g. cvlan_prio) require the number of vlan tags be greater
>> >than 1.
>> >
>> >Number of vlans filter may cause ethertype to be set to 0. Check this in
>> >fl_set_key_vlan.
>> >
Boris Sukholitko April 12, 2022, 1:16 p.m. UTC | #4 
On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >
> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >following rule becomes ok:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >
> >> >because we know that the packet is single tagged.
> >> >
> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> 
> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> description, I need to understand clearly what the patch is doing, which
> >> is not this case. You suppose to command the codebase what to do.
> >> I fail to see that :/
> >> 
> >> 
> >
> >What do you think of the following description? The description consists
> >of two parts: the first provides motivation for the patch, the second is
> >the way the motivation is implemented. I've judiciously edited out the
> >"we"-word. :)
> >
> ><description>
> >
> >Currently the existence of vlan filters is conditional on the vlan
> >protocol being matched in the tc rule. I.e. the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >Having the num_of_vlans filter configured removes this restriction. The
> >following rule becomes ok:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> 
> So this is what this patch allows?

Yes.

> You are talking about it as it is
> already possible with the code before this patch being applied.
> 

Sorry for the confusion. In the updated description I try to make the
distinction much clearer.

> 
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >To make the above possible, is_vlan_key helper is changed to look at the
> >number of vlans in addition to the vlan ethertype.
> 
> What "is changed"? You should tell the codebase what to do, what toadd,
> remove or change. If you did that, it would be very clear to the reader
> what the patch is supposed to do.
> 

The "changed" refers to the code of is_vlan_key function which is
changed by this patch. Please see the updated description.

> 
> >
> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >vlan tags be greater than 1.
> 
> Again, unclear what this describes, if the current code before the patch
> or the state after this patch.
> 

What about the following:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

This commit removes the above restriction. Having the num_of_vlans
filter configured allows further matching on vlan attributes. The
following rule is ok now:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

To do this, this commit changes is_vlan_key helper to look at the number
of vlans in addition to the vlan ethertype. Outer (e.g. vlan_prio) and
inner (e.g. cvlan_prio) tag vlan filters require the number of vlan tags
to be greater then 0 and 1 accordingly.

As a result of this commit, the ethertype may be set to 0 when matching
on the number of vlans. This commit changes fl_set_key_vlan to avoid
setting key, mask vlan_tpid for the 0 ethertype.

</description>

Is this going into the right direction?

Thanks,
Boris.
Jiri Pirko April 12, 2022, 2:17 p.m. UTC | #5 
Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >
>> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >
>> >> >is illegal because we lack protocol 802.1q in the rule.
>> >> >
>> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >following rule becomes ok:
>> >> >
>> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> >
>> >> >because we know that the packet is single tagged.
>> >> >
>> >> >We achieve the above by having is_vlan_key helper look at the number of
>> >> 
>> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> >> description, I need to understand clearly what the patch is doing, which
>> >> is not this case. You suppose to command the codebase what to do.
>> >> I fail to see that :/
>> >> 
>> >> 
>> >
>> >What do you think of the following description? The description consists
>> >of two parts: the first provides motivation for the patch, the second is
>> >the way the motivation is implemented. I've judiciously edited out the
>> >"we"-word. :)
>> >
>> ><description>
>> >
>> >Currently the existence of vlan filters is conditional on the vlan
>> >protocol being matched in the tc rule. I.e. the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >
>> >Having the num_of_vlans filter configured removes this restriction. The
>> >following rule becomes ok:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> 
>> So this is what this patch allows?
>
>Yes.
>
>> You are talking about it as it is
>> already possible with the code before this patch being applied.
>> 
>
>Sorry for the confusion. In the updated description I try to make the
>distinction much clearer.
>
>> 
>> >
>> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >
>> >To make the above possible, is_vlan_key helper is changed to look at the
>> >number of vlans in addition to the vlan ethertype.
>> 
>> What "is changed"? You should tell the codebase what to do, what toadd,
>> remove or change. If you did that, it would be very clear to the reader
>> what the patch is supposed to do.
>> 
>
>The "changed" refers to the code of is_vlan_key function which is
>changed by this patch. Please see the updated description.
>
>> 
>> >
>> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>> >vlan tags be greater than 1.
>> 
>> Again, unclear what this describes, if the current code before the patch
>> or the state after this patch.
>> 
>
>What about the following:
>
><description>
>
>Before this commit the existence of vlan filters was conditional on the vlan
>protocol being matched in the tc rule. For example, the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>This commit removes the above restriction. Having the num_of_vlans

Say rather just "Remove the above restriction. ..."


>filter configured allows further matching on vlan attributes. The
>following rule is ok now:
>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>To do this, this commit changes is_vlan_key helper to look at the number

"Change the is_vlan_key helper to look..."

Don't talk about "this commit".


>of vlans in addition to the vlan ethertype. Outer (e.g. vlan_prio) and
>inner (e.g. cvlan_prio) tag vlan filters require the number of vlan tags
>to be greater then 0 and 1 accordingly.
>
>As a result of this commit, the ethertype may be set to 0 when matching
>on the number of vlans. This commit changes fl_set_key_vlan to avoid
>setting key, mask vlan_tpid for the 0 ethertype.
>
></description>
>
>Is this going into the right direction?
>
>Thanks,
>Boris.
Boris Sukholitko April 13, 2022, 8:14 a.m. UTC | #6 
On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >
> >> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >> >
> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >following rule becomes ok:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> >
> >> >> >because we know that the packet is single tagged.
> >> >> >
> >> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> >> 
> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> >> description, I need to understand clearly what the patch is doing, which
> >> >> is not this case. You suppose to command the codebase what to do.
> >> >> I fail to see that :/
> >> >> 
> >> >> 
> >> >
> >> >What do you think of the following description? The description consists
> >> >of two parts: the first provides motivation for the patch, the second is
> >> >the way the motivation is implemented. I've judiciously edited out the
> >> >"we"-word. :)
> >> >
> >> ><description>
> >> >
> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >
> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >following rule becomes ok:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> 
> >> So this is what this patch allows?
> >
> >Yes.
> >
> >> You are talking about it as it is
> >> already possible with the code before this patch being applied.
> >> 
> >
> >Sorry for the confusion. In the updated description I try to make the
> >distinction much clearer.
> >
> >> 
> >> >
> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >
> >> >To make the above possible, is_vlan_key helper is changed to look at the
> >> >number of vlans in addition to the vlan ethertype.
> >> 
> >> What "is changed"? You should tell the codebase what to do, what toadd,
> >> remove or change. If you did that, it would be very clear to the reader
> >> what the patch is supposed to do.
> >> 
> >
> >The "changed" refers to the code of is_vlan_key function which is
> >changed by this patch. Please see the updated description.
> >
> >> 
> >> >
> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >> >vlan tags be greater than 1.
> >> 
> >> Again, unclear what this describes, if the current code before the patch
> >> or the state after this patch.
> >> 
> >
> >What about the following:
> >
> ><description>
> >
> >Before this commit the existence of vlan filters was conditional on the vlan
> >protocol being matched in the tc rule. For example, the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >This commit removes the above restriction. Having the num_of_vlans
> 
> Say rather just "Remove the above restriction. ..."
> 
> 
> >filter configured allows further matching on vlan attributes. The
> >following rule is ok now:
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >To do this, this commit changes is_vlan_key helper to look at the number
> 
> "Change the is_vlan_key helper to look..."
> 
> Don't talk about "this commit".
> 

OK. The following incorporates both of the above suggestions:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule is ok now:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
tag vlan filters require the number of vlan tags to be greater then 0
and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

</description>

Thanks,
Boris.
Jiri Pirko April 13, 2022, 11:44 a.m. UTC | #7 
Wed, Apr 13, 2022 at 10:14:17AM CEST, boris.sukholitko@broadcom.com wrote:
>On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
>> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
>> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
>> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
>> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
>> >> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >> >
>> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >> >
>> >> >> >is illegal because we lack protocol 802.1q in the rule.
>> >> >> >
>> >> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >> >following rule becomes ok:
>> >> >> >
>> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> >> >
>> >> >> >because we know that the packet is single tagged.
>> >> >> >
>> >> >> >We achieve the above by having is_vlan_key helper look at the number of
>> >> >> 
>> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
>> >> >> description, I need to understand clearly what the patch is doing, which
>> >> >> is not this case. You suppose to command the codebase what to do.
>> >> >> I fail to see that :/
>> >> >> 
>> >> >> 
>> >> >
>> >> >What do you think of the following description? The description consists
>> >> >of two parts: the first provides motivation for the patch, the second is
>> >> >the way the motivation is implemented. I've judiciously edited out the
>> >> >"we"-word. :)
>> >> >
>> >> ><description>
>> >> >
>> >> >Currently the existence of vlan filters is conditional on the vlan
>> >> >protocol being matched in the tc rule. I.e. the following rule:
>> >> >
>> >> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >> >
>> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >> >
>> >> >Having the num_of_vlans filter configured removes this restriction. The
>> >> >following rule becomes ok:
>> >> >
>> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >> 
>> >> So this is what this patch allows?
>> >
>> >Yes.
>> >
>> >> You are talking about it as it is
>> >> already possible with the code before this patch being applied.
>> >> 
>> >
>> >Sorry for the confusion. In the updated description I try to make the
>> >distinction much clearer.
>> >
>> >> 
>> >> >
>> >> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >> >
>> >> >To make the above possible, is_vlan_key helper is changed to look at the
>> >> >number of vlans in addition to the vlan ethertype.
>> >> 
>> >> What "is changed"? You should tell the codebase what to do, what toadd,
>> >> remove or change. If you did that, it would be very clear to the reader
>> >> what the patch is supposed to do.
>> >> 
>> >
>> >The "changed" refers to the code of is_vlan_key function which is
>> >changed by this patch. Please see the updated description.
>> >
>> >> 
>> >> >
>> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
>> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
>> >> >vlan tags be greater than 1.
>> >> 
>> >> Again, unclear what this describes, if the current code before the patch
>> >> or the state after this patch.
>> >> 
>> >
>> >What about the following:
>> >
>> ><description>
>> >
>> >Before this commit the existence of vlan filters was conditional on the vlan
>> >protocol being matched in the tc rule. For example, the following rule:
>> >
>> >tc filter add dev eth1 ingress flower vlan_prio 5
>> >
>> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>> >
>> >This commit removes the above restriction. Having the num_of_vlans
>> 
>> Say rather just "Remove the above restriction. ..."
>> 
>> 
>> >filter configured allows further matching on vlan attributes. The
>> >following rule is ok now:
>> >
>> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>> >
>> >because having num_of_vlans==1 implies that the packet is single tagged.
>> >
>> >To do this, this commit changes is_vlan_key helper to look at the number
>> 
>> "Change the is_vlan_key helper to look..."
>> 
>> Don't talk about "this commit".
>> 
>
>OK. The following incorporates both of the above suggestions:
>
><description>
>
>Before this commit the existence of vlan filters was conditional on the vlan
>protocol being matched in the tc rule. For example, the following rule:
>
>tc filter add dev eth1 ingress flower vlan_prio 5
>
>was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
>
>Remove the above restriction by looking at the num_of_vlans filter to
>allow further matching on vlan attributes. The following rule is ok now:

What's "now"?


>
>tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
>
>because having num_of_vlans==1 implies that the packet is single tagged.
>
>Change is_vlan_key helper to look at the number of vlans in addition to
>the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
>tag vlan filters require the number of vlan tags to be greater then 0
>and 1 accordingly.

I don't get this last sentence. "filters require". Do you do the change
or are you stating what's in before the patch?


>
>As a result of is_vlan_key change, the ethertype may be set to 0 when
>matching on the number of vlans. Update fl_set_key_vlan to avoid setting
>key, mask vlan_tpid for the 0 ethertype.
>
></description>
>
>Thanks,
>Boris.
Boris Sukholitko April 13, 2022, 12:11 p.m. UTC | #8 
On Wed, Apr 13, 2022 at 01:44:56PM +0200, Jiri Pirko wrote:
> Wed, Apr 13, 2022 at 10:14:17AM CEST, boris.sukholitko@broadcom.com wrote:
> >On Tue, Apr 12, 2022 at 04:17:01PM +0200, Jiri Pirko wrote:
> >> Tue, Apr 12, 2022 at 03:16:10PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >On Tue, Apr 12, 2022 at 02:12:15PM +0200, Jiri Pirko wrote:
> >> >> Tue, Apr 12, 2022 at 01:40:49PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >On Tue, Apr 12, 2022 at 01:09:35PM +0200, Jiri Pirko wrote:
> >> >> >> Tue, Apr 12, 2022 at 12:02:36PM CEST, boris.sukholitko@broadcom.com wrote:
> >> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >> >
> >> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >> >
> >> >> >> >is illegal because we lack protocol 802.1q in the rule.
> >> >> >> >
> >> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >> >following rule becomes ok:
> >> >> >> >
> >> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> >> >
> >> >> >> >because we know that the packet is single tagged.
> >> >> >> >
> >> >> >> >We achieve the above by having is_vlan_key helper look at the number of
> >> >> >> 
> >> >> >> Sorry to be a nitpicker, but who's "we"? When I read the patch
> >> >> >> description, I need to understand clearly what the patch is doing, which
> >> >> >> is not this case. You suppose to command the codebase what to do.
> >> >> >> I fail to see that :/
> >> >> >> 
> >> >> >> 
> >> >> >
> >> >> >What do you think of the following description? The description consists
> >> >> >of two parts: the first provides motivation for the patch, the second is
> >> >> >the way the motivation is implemented. I've judiciously edited out the
> >> >> >"we"-word. :)
> >> >> >
> >> >> ><description>
> >> >> >
> >> >> >Currently the existence of vlan filters is conditional on the vlan
> >> >> >protocol being matched in the tc rule. I.e. the following rule:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >> >
> >> >> >is illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >> >
> >> >> >Having the num_of_vlans filter configured removes this restriction. The
> >> >> >following rule becomes ok:
> >> >> >
> >> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >> 
> >> >> So this is what this patch allows?
> >> >
> >> >Yes.
> >> >
> >> >> You are talking about it as it is
> >> >> already possible with the code before this patch being applied.
> >> >> 
> >> >
> >> >Sorry for the confusion. In the updated description I try to make the
> >> >distinction much clearer.
> >> >
> >> >> 
> >> >> >
> >> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >> >
> >> >> >To make the above possible, is_vlan_key helper is changed to look at the
> >> >> >number of vlans in addition to the vlan ethertype.
> >> >> 
> >> >> What "is changed"? You should tell the codebase what to do, what toadd,
> >> >> remove or change. If you did that, it would be very clear to the reader
> >> >> what the patch is supposed to do.
> >> >> 
> >> >
> >> >The "changed" refers to the code of is_vlan_key function which is
> >> >changed by this patch. Please see the updated description.
> >> >
> >> >> 
> >> >> >
> >> >> >Outer tag vlan filters (e.g.  vlan_prio) require the number of vlan tags
> >> >> >be greater than 0. Inner filters (e.g. cvlan_prio) require the number of
> >> >> >vlan tags be greater than 1.
> >> >> 
> >> >> Again, unclear what this describes, if the current code before the patch
> >> >> or the state after this patch.
> >> >> 
> >> >
> >> >What about the following:
> >> >
> >> ><description>
> >> >
> >> >Before this commit the existence of vlan filters was conditional on the vlan
> >> >protocol being matched in the tc rule. For example, the following rule:
> >> >
> >> >tc filter add dev eth1 ingress flower vlan_prio 5
> >> >
> >> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >> >
> >> >This commit removes the above restriction. Having the num_of_vlans
> >> 
> >> Say rather just "Remove the above restriction. ..."
> >> 
> >> 
> >> >filter configured allows further matching on vlan attributes. The
> >> >following rule is ok now:
> >> >
> >> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >> >
> >> >because having num_of_vlans==1 implies that the packet is single tagged.
> >> >
> >> >To do this, this commit changes is_vlan_key helper to look at the number
> >> 
> >> "Change the is_vlan_key helper to look..."
> >> 
> >> Don't talk about "this commit".
> >> 
> >
> >OK. The following incorporates both of the above suggestions:
> >
> ><description>
> >
> >Before this commit the existence of vlan filters was conditional on the vlan
> >protocol being matched in the tc rule. For example, the following rule:
> >
> >tc filter add dev eth1 ingress flower vlan_prio 5
> >
> >was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.
> >
> >Remove the above restriction by looking at the num_of_vlans filter to
> >allow further matching on vlan attributes. The following rule is ok now:
> 
> What's "now"?

"Now" is the situation after applying the patch. I'll mention this fact
in the description below.

> 
> 
> >
> >tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5
> >
> >because having num_of_vlans==1 implies that the packet is single tagged.
> >
> >Change is_vlan_key helper to look at the number of vlans in addition to
> >the vlan ethertype. Outer (e.g. vlan_prio) and inner (e.g.  cvlan_prio)
> >tag vlan filters require the number of vlan tags to be greater then 0
> >and 1 accordingly.
> 
> I don't get this last sentence. "filters require". Do you do the change
> or are you stating what's in before the patch?
> 

The whole paragraph starting with "Change..." talks about what happens
after the patch. I'll make it more explicit in the description below.

The updated description follows:

<description>

Before this commit the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule becomes
legal as a result of this commit:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. The outcome of this change is that outer (e.g. vlan_prio)
and inner (e.g. cvlan_prio) tag vlan filters require the number of vlan
tags to be greater then 0 and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

</description>

Thanks,
Boris.
diff mbox series

Patch

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index fafb74198c8d..9bf15b44292c 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1029,8 +1029,10 @@  static void fl_set_key_vlan(struct nlattr **tb,
 			VLAN_PRIORITY_MASK;
 		key_mask->vlan_priority = VLAN_PRIORITY_MASK;
 	}
-	key_val->vlan_tpid = ethertype;
-	key_mask->vlan_tpid = cpu_to_be16(~0);
+	if (ethertype) {
+		key_val->vlan_tpid = ethertype;
+		key_mask->vlan_tpid = cpu_to_be16(~0);
+	}
 }
 
 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
@@ -1576,13 +1578,18 @@  static int fl_set_key_ct(struct nlattr **tb,
 }
 
 static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
-			struct fl_flow_key *key, struct fl_flow_key *mask)
+			struct fl_flow_key *key, struct fl_flow_key *mask,
+			int vthresh)
 {
-	if (!tb)
-		return false;
+	const bool good_num_of_vlans = key->num_of_vlans.num_of_vlans > vthresh;
+
+	if (!tb) {
+		*ethertype = 0;
+		return good_num_of_vlans;
+	}
 
 	*ethertype = nla_get_be16(tb);
-	if (eth_type_vlan(*ethertype))
+	if (good_num_of_vlans || eth_type_vlan(*ethertype))
 		return true;
 
 	key->basic.n_proto = *ethertype;
@@ -1617,12 +1624,13 @@  static int fl_set_key(struct net *net, struct nlattr **tb,
 		       TCA_FLOWER_UNSPEC,
 		       sizeof(key->num_of_vlans));
 
-	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
+	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask, 0)) {
 		fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
 				TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
 				&mask->vlan);
 
-		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
+		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE],
+				&ethertype, key, mask, 1)) {
 			fl_set_key_vlan(tb, ethertype,
 					TCA_FLOWER_KEY_CVLAN_ID,
 					TCA_FLOWER_KEY_CVLAN_PRIO,