From patchwork Mon Aug 30 08:08:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Boris Sukholitko X-Patchwork-Id: 12464715 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,MIME_NO_TEXT, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4DF26C432BE for ; Mon, 30 Aug 2021 08:08:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2794D61004 for ; Mon, 30 Aug 2021 08:08:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234597AbhH3IJV (ORCPT ); Mon, 30 Aug 2021 04:09:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44640 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234529AbhH3IJU (ORCPT ); Mon, 30 Aug 2021 04:09:20 -0400 Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48194C061575 for ; Mon, 30 Aug 2021 01:08:27 -0700 (PDT) Received: by mail-pl1-x62f.google.com with SMTP id e15so8064217plh.8 for ; Mon, 30 Aug 2021 01:08:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:mime-version; bh=Wiu1FEXxNi8q3+jf3o6ohTaA6seSu3nnUW/wk1qbuJ8=; b=YgrG4I5pEsBy6Qy1bC0BRYQu3PgnMT7faU4I/WPQRT7N+6vQWYZq4cz+OoYV0zYSTe 7PtHmM8/RtHIf/9hIaGXipPkdVMAiGQcjmU1tv0N7hJnmuXCAyeH9mpsUJ/pqwGQx7Sa hEBOr60zuZq1ghmprrWpWHrFLgfcr69xe/1Ok= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version; bh=Wiu1FEXxNi8q3+jf3o6ohTaA6seSu3nnUW/wk1qbuJ8=; b=emlLkdYFR8Y4cEBHhThcB68fV2v5uDf2Sl6EE9mHj1Hxw+vGCyz/6ZyT9TfQ0yBbKC +6XQvZGeEQwoy+FH9qCfx4nebr3o16Duir5tUqKMZRw3J5/Xzupkn2Vvgd4M8t2FmOyr h0jVpOrvLknz7uc3O6IKubIqFUheBcwgUt9kZclHx+uhGBalFb1IwZYg4GYU78iVsf0s eRUzJz9d2xNARk9F1KQOZ4RP4Y8VOvrMKIDkc/iyse9z6JOJdOQx/AKCycJGMvK6wNvM tsswUYUMl1zZ/BdvWCrc0e9npwbJXbJf/Z1criXTv9lvj5swnk0sKPu5PTMeiUM/6s91 LA7g== X-Gm-Message-State: AOAM531Byj0INOCkez5lJVMQrttzltpluDnZJAG55kc8uoyDlLH/3LDV dtQeLrn5m2BSS+KP3JoyfhO6M5xB0Hd3TXihhhxqhbBITxsu04Lsi+FWJZ9F1/z20Vy47ZwfOuV 0XhPp0YJ+enMBvSDL0PHpgIT58g/ykh2CEODRNXgSMLLHE9A9gRrursWMPLBBy55B5/Iz2Wxxw/ WZcYDpD+19Bg== X-Google-Smtp-Source: ABdhPJzn9utCPDeoTPubseZOFARNUeAul+TRSpFmgLOdGDZbXQ2CCgCRZ5w/zHJNfHcDNJ4UTmmHzA== X-Received: by 2002:a17:90a:a88b:: with SMTP id h11mr25166904pjq.44.1630310905969; Mon, 30 Aug 2021 01:08:25 -0700 (PDT) Received: from localhost.localdomain ([192.19.250.250]) by smtp.gmail.com with ESMTPSA id h21sm16052088pgg.8.2021.08.30.01.08.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Aug 2021 01:08:25 -0700 (PDT) From: Boris Sukholitko To: netdev@vger.kernel.org, Jamal Hadi Salim , Jiri Pirko , Cong Wang Cc: "David S . Miller" , Jakub Kicinski , Vladimir Oltean , Vadym Kochan , Ilya Lifshits , Boris Sukholitko Subject: [PATCH net-next] net/sched: cls_flower: Add orig_ethtype Date: Mon, 30 Aug 2021 11:08:00 +0300 Message-Id: <20210830080800.18591-1-boris.sukholitko@broadcom.com> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The following flower filter fails to match packets: tc filter add dev eth0 ingress protocol 0x8864 flower \ action simple sdata hi64 The protocol 0x8864 (ETH_P_PPP_SES) is a tunnel protocol. As such, it is being dissected by __skb_flow_dissect and it's internal protocol is being set as key->basic.n_proto. IOW, the existence of ETH_P_PPP_SES tunnel is transparent to the callers of __skb_flow_dissect. OTOH, in the filters above, cls_flower configures its key->basic.n_proto to the ETH_P_PPP_SES value configured by the user. Matching on this key fails because of __skb_flow_dissect "transparency" mentioned above. Therefore there is no way currently to match on such packets using flower. To fix the issue add new orig_ethtype key to the flower along with the necessary changes to the flow dissector etc. To filter the ETH_P_PPP_SES packets the command becomes: tc filter add dev eth0 ingress flower orig_ethtype 0x8864 \ action simple sdata hi64 Corresponding iproute2 patch follows. Signed-off-by: Boris Sukholitko --- include/net/flow_dissector.h | 9 +++++++++ include/uapi/linux/pkt_cls.h | 1 + net/core/flow_dissector.c | 12 ++++++++++++ net/sched/cls_flower.c | 15 +++++++++++++++ 4 files changed, 37 insertions(+) diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h index ffd386ea0dbb..083245a2d408 100644 --- a/include/net/flow_dissector.h +++ b/include/net/flow_dissector.h @@ -251,6 +251,14 @@ struct flow_dissector_key_hash { u32 hash; }; +/** + * struct flow_dissector_key_orig_ethtype: + * @orig_ethtype: eth type as it appears in the packet + */ +struct flow_dissector_key_orig_ethtype { + __be16 orig_ethtype; +}; + enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ @@ -280,6 +288,7 @@ enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */ FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */ FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */ + FLOW_DISSECTOR_KEY_ORIG_ETH_TYPE, /* struct flow_dissector_key_orig_ethtype */ FLOW_DISSECTOR_KEY_MAX, }; diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h index 025c40fef93d..238dee49f450 100644 --- a/include/uapi/linux/pkt_cls.h +++ b/include/uapi/linux/pkt_cls.h @@ -583,6 +583,7 @@ enum { TCA_FLOWER_KEY_HASH, /* u32 */ TCA_FLOWER_KEY_HASH_MASK, /* u32 */ + TCA_FLOWER_KEY_ORIG_ETH_TYPE, /* be16 */ __TCA_FLOWER_MAX, }; diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 4b2415d34873..23051e0d02fd 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -924,6 +924,7 @@ bool __skb_flow_dissect(const struct net *net, struct flow_dissector_key_vlan *key_vlan; enum flow_dissect_ret fdret; enum flow_dissector_key_id dissector_vlan = FLOW_DISSECTOR_KEY_MAX; + __be16 orig_proto = proto; bool mpls_el = false; int mpls_lse = 0; int num_hdrs = 0; @@ -934,6 +935,7 @@ bool __skb_flow_dissect(const struct net *net, data = skb->data; proto = skb_vlan_tag_present(skb) ? skb->vlan_proto : skb->protocol; + orig_proto = proto; nhoff = skb_network_offset(skb); hlen = skb_headlen(skb); #if IS_ENABLED(CONFIG_NET_DSA) @@ -1032,6 +1034,16 @@ bool __skb_flow_dissect(const struct net *net, memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs)); } + if (dissector_uses_key(flow_dissector, + FLOW_DISSECTOR_KEY_ORIG_ETH_TYPE)) { + struct flow_dissector_key_orig_ethtype *orig_ethtype; + + orig_ethtype = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_ORIG_ETH_TYPE, + target_container); + orig_ethtype->orig_ethtype = orig_proto; + } + proto_again: fdret = FLOW_DISSECT_RET_CONTINUE; diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c index d7869a984881..bf6e88819f7d 100644 --- a/net/sched/cls_flower.c +++ b/net/sched/cls_flower.c @@ -70,6 +70,7 @@ struct fl_flow_key { } tp_range; struct flow_dissector_key_ct ct; struct flow_dissector_key_hash hash; + struct flow_dissector_key_orig_ethtype orig_ethtype; } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ struct fl_flow_mask_range { @@ -710,6 +711,7 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = { [TCA_FLOWER_FLAGS] = { .type = NLA_U32 }, [TCA_FLOWER_KEY_HASH] = { .type = NLA_U32 }, [TCA_FLOWER_KEY_HASH_MASK] = { .type = NLA_U32 }, + [TCA_FLOWER_KEY_ORIG_ETH_TYPE] = { .type = NLA_U16 }, }; @@ -1696,6 +1698,11 @@ static int fl_set_key(struct net *net, struct nlattr **tb, &mask->hash.hash, TCA_FLOWER_KEY_HASH_MASK, sizeof(key->hash.hash)); + fl_set_key_val(tb, &key->orig_ethtype.orig_ethtype, + TCA_FLOWER_KEY_ORIG_ETH_TYPE, + &mask->orig_ethtype.orig_ethtype, TCA_FLOWER_UNSPEC, + sizeof(key->orig_ethtype.orig_ethtype)); + if (tb[TCA_FLOWER_KEY_ENC_OPTS]) { ret = fl_set_enc_opt(tb, key, mask, extack); if (ret) @@ -1812,6 +1819,8 @@ static void fl_init_dissector(struct flow_dissector *dissector, FLOW_DISSECTOR_KEY_CT, ct); FL_KEY_SET_IF_MASKED(mask, keys, cnt, FLOW_DISSECTOR_KEY_HASH, hash); + FL_KEY_SET_IF_MASKED(mask, keys, cnt, + FLOW_DISSECTOR_KEY_ORIG_ETH_TYPE, orig_ethtype); skb_flow_dissector_init(dissector, keys, cnt); } @@ -3037,6 +3046,12 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net, sizeof(key->hash.hash))) goto nla_put_failure; + if (fl_dump_key_val(skb, &key->orig_ethtype.orig_ethtype, + TCA_FLOWER_KEY_ORIG_ETH_TYPE, + &mask->orig_ethtype.orig_ethtype, TCA_FLOWER_UNSPEC, + sizeof(key->orig_ethtype.orig_ethtype))) + goto nla_put_failure; + return 0; nla_put_failure: