[net-next,v4,5/5] net/sched: flower: Consider the number of tags for vlan filters

Commit Message

Boris Sukholitko April 19, 2022, 8:14 a.m. UTC

Before this patch the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule becomes
legal as a result of this commit:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. The outcome of this change is that outer (e.g. vlan_prio)
and inner (e.g. cvlan_prio) tag vlan filters require the number of vlan
tags to be greater then 0 and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
---
 net/sched/cls_flower.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

Patch

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 4ec4d742e82f..dcca70144dff 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1030,8 +1030,10 @@  static void fl_set_key_vlan(struct nlattr **tb,
 			VLAN_PRIORITY_MASK;
 		key_mask->vlan_priority = VLAN_PRIORITY_MASK;
 	}
-	key_val->vlan_tpid = ethertype;
-	key_mask->vlan_tpid = cpu_to_be16(~0);
+	if (ethertype) {
+		key_val->vlan_tpid = ethertype;
+		key_mask->vlan_tpid = cpu_to_be16(~0);
+	}
 	if (tb[vlan_next_eth_type_key]) {
 		key_val->vlan_eth_type =
 			nla_get_be16(tb[vlan_next_eth_type_key]);
@@ -1582,13 +1584,18 @@  static int fl_set_key_ct(struct nlattr **tb,
 }
 
 static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
-			struct fl_flow_key *key, struct fl_flow_key *mask)
+			struct fl_flow_key *key, struct fl_flow_key *mask,
+			int vthresh)
 {
-	if (!tb)
-		return false;
+	const bool good_num_of_vlans = key->num_of_vlans.num_of_vlans > vthresh;
+
+	if (!tb) {
+		*ethertype = 0;
+		return good_num_of_vlans;
+	}
 
 	*ethertype = nla_get_be16(tb);
-	if (eth_type_vlan(*ethertype))
+	if (good_num_of_vlans || eth_type_vlan(*ethertype))
 		return true;
 
 	key->basic.n_proto = *ethertype;
@@ -1623,13 +1630,14 @@  static int fl_set_key(struct net *net, struct nlattr **tb,
 		       TCA_FLOWER_UNSPEC,
 		       sizeof(key->num_of_vlans));
 
-	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
+	if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask, 0)) {
 		fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
 				TCA_FLOWER_KEY_VLAN_PRIO,
 				TCA_FLOWER_KEY_VLAN_ETH_TYPE,
 				&key->vlan, &mask->vlan);
 
-		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
+		if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE],
+				&ethertype, key, mask, 1)) {
 			fl_set_key_vlan(tb, ethertype,
 					TCA_FLOWER_KEY_CVLAN_ID,
 					TCA_FLOWER_KEY_CVLAN_PRIO,