@@ -554,6 +554,9 @@ enum {
TCA_FLOWER_KEY_SPI, /* be32 */
TCA_FLOWER_KEY_SPI_MASK, /* be32 */
+ TCA_FLOWER_KEY_ENC_FLAGS, /* be32 */
+ TCA_FLOWER_KEY_ENC_FLAGS_MASK, /* be32 */
+
__TCA_FLOWER_MAX,
};
@@ -674,6 +677,10 @@ enum {
enum {
TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
+ TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM = (1 << 2),
+ TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT = (1 << 3),
+ TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM = (1 << 4),
+ TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT = (1 << 5),
};
enum {
@@ -106,7 +106,9 @@ flower \- flow based traffic control filter
.B l2_miss
.IR L2_MISS " | "
.BR cfm
-.IR CFM_OPTIONS " }"
+.IR CFM_OPTIONS " | "
+.BR enc_flags
+.IR ENCFLAG-LIST " }"
.ti -8
.IR LSE_LIST " := [ " LSE_LIST " ] " LSE
@@ -131,6 +133,16 @@ flower \- flow based traffic control filter
.B op
.IR OPCODE "
+.ti -8
+.IR ENCFLAG-LIST " := [ " ENCFLAG-LIST "/ ] " ENCFLAG
+
+.ti -8
+.IR ENCFLAG " := { "
+.BR [no]tuncsum " | "
+.BR [no]tundf " | "
+.BR [no]tunoam " | "
+.BR [no]tuncrit " } "
+
.SH DESCRIPTION
The
.B flower
@@ -538,11 +550,23 @@ Match on the Maintenance Domain (MD) level field.
.BI op " OPCODE "
Match on the CFM opcode field. \fIOPCODE\fR is an unsigned 8 bit value in
decimal format.
+.RE
+.TP
+.BI enc_flags " ENCFLAG-LIST "
+Match on tunnel control flags.
+.I ENCFLAG-LIST
+is a list of the following tunnel control flags:
+.BR [no]tuncsum ", "
+.BR [no]tundf ", "
+.BR [no]tunoam ", "
+.BR [no]tuncrit ", "
+each separated by '/'.
+.TP
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
on the matches of the next lower layer. Precisely, layer one and two matches
-(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR)
+(\fBindev\fR, \fBdst_mac\fR, \fBsrc_mac\fR and \fBenc_flags\fR)
have no dependency,
MPLS and layer three matches
(\fBmpls\fR, \fBmpls_label\fR, \fBmpls_tc\fR, \fBmpls_bos\fR, \fBmpls_ttl\fR,
@@ -28,6 +28,7 @@
enum flower_matching_flags {
FLOWER_IP_FLAGS,
+ FLOWER_ENC_DST_FLAGS,
};
enum flower_endpoint {
@@ -99,13 +100,16 @@ static void explain(void)
" ct_label MASKED_CT_LABEL |\n"
" ct_mark MASKED_CT_MARK |\n"
" ct_zone MASKED_CT_ZONE |\n"
- " cfm CFM }\n"
+ " cfm CFM |\n"
+ " enc_flags ENCFLAG-LIST }\n"
" LSE-LIST := [ LSE-LIST ] LSE\n"
" LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
" FILTERID := X:Y:Z\n"
" MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
" MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel,rpl,inv\n"
" CFM := { mdl LEVEL | op OPCODE }\n"
+ " ENCFLAG-LIST := [ ENCFLAG-LIST/ ]ENCFLAG\n"
+ " ENCFLAG := { [no]tuncsum | [no]tundf | [no]tunoam | [no]tuncrit }\n"
" ACTION-SPEC := ... look at individual actions\n"
"\n"
"NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
@@ -205,6 +209,10 @@ struct flag_to_string {
static struct flag_to_string flags_str[] = {
{ TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
{ TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
+ { TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM, FLOWER_ENC_DST_FLAGS, "tuncsum" },
+ { TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT, FLOWER_ENC_DST_FLAGS, "tundf" },
+ { TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM, FLOWER_ENC_DST_FLAGS, "tunoam" },
+ { TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT, FLOWER_ENC_DST_FLAGS, "tuncrit" },
};
static int flower_parse_matching_flags(char *str,
@@ -1642,6 +1650,8 @@ static int flower_parse_opt(const struct filter_util *qu, char *handle,
__u32 flags = 0;
__u32 mtf = 0;
__u32 mtf_mask = 0;
+ __u32 dst_flags = 0;
+ __u32 dst_flags_mask = 0;
if (handle) {
ret = get_u32(&t->tcm_handle, handle, 0);
@@ -2248,6 +2258,17 @@ static int flower_parse_opt(const struct filter_util *qu, char *handle,
fprintf(stderr, "Illegal \"pfcp_opts\"\n");
return -1;
}
+ } else if (!strcmp(*argv, "enc_flags")) {
+ NEXT_ARG();
+ ret = flower_parse_matching_flags(*argv,
+ FLOWER_ENC_DST_FLAGS,
+ &dst_flags,
+ &dst_flags_mask);
+
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_flags\"\n");
+ return -1;
+ }
} else if (matches(*argv, "action") == 0) {
NEXT_ARG();
ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
@@ -2286,6 +2307,17 @@ parse_done:
return ret;
}
+ if (dst_flags_mask) {
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_FLAGS,
+ htonl(dst_flags));
+ if (ret)
+ return ret;
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_FLAGS_MASK,
+ htonl(dst_flags_mask));
+ if (ret)
+ return ret;
+ }
+
if (tc_proto != htons(ETH_P_ALL)) {
ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, tc_proto);
if (ret)
@@ -3262,6 +3294,10 @@ static int flower_print_opt(const struct filter_util *qu, FILE *f,
tb[TCA_FLOWER_KEY_FLAGS],
tb[TCA_FLOWER_KEY_FLAGS_MASK]);
+ flower_print_matching_flags("enc_flags", FLOWER_ENC_DST_FLAGS,
+ tb[TCA_FLOWER_KEY_ENC_FLAGS],
+ tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]);
+
if (tb[TCA_FLOWER_L2_MISS]) {
struct rtattr *attr = tb[TCA_FLOWER_L2_MISS];
extend TC flower for matching on tunnel metadata. Changes since v1: - fix incostintent naming in explain() and in tc-flower.8 (Asbjørn) Changes since RFC: - update uAPI bits to Asbjørn's most recent code [1] - add 'tun' prefix to all flag names (Asbjørn) - allow parsing 'enc_flags' multiple times, without clearing the match mask every time, like happens for 'ip_flags' (Asbjørn) - don't use "matches()" for parsing argv[] (Stephen) - (hopefully) improve usage() printout (Asbjørn) - update man page [1] https://lore.kernel.org/netdev/20240709163825.1210046-1-ast@fiberby.net/ Signed-off-by: Davide Caratti <dcaratti@redhat.com> --- include/uapi/linux/pkt_cls.h | 7 +++++++ man/man8/tc-flower.8 | 28 ++++++++++++++++++++++++-- tc/f_flower.c | 38 +++++++++++++++++++++++++++++++++++- 3 files changed, 70 insertions(+), 3 deletions(-)