naccyde / rpms / iproute

Forked from rpms/iproute 9 months ago
Clone

Blame SOURCES/0013-tc-flower-Add-match-on-encapsulating-tos-ttl.patch

7e752c
From 23c57e53c5dfdaf113ecf1ebde8e04e8c7a10c50 Mon Sep 17 00:00:00 2001
7e752c
From: Phil Sutter <psutter@redhat.com>
7e752c
Date: Thu, 13 Sep 2018 20:56:18 +0200
7e752c
Subject: [PATCH] tc/flower: Add match on encapsulating tos/ttl
7e752c
7e752c
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1615915
7e752c
Upstream Status: iproute2.git commit 761ec9e29ff86
7e752c
7e752c
commit 761ec9e29ff867452057f59dc6ca430688b409ea
7e752c
Author: Or Gerlitz <ogerlitz@mellanox.com>
7e752c
Date:   Thu Jul 19 14:02:15 2018 +0300
7e752c
7e752c
    tc/flower: Add match on encapsulating tos/ttl
7e752c
7e752c
    Add matching on tos/ttl of the IP tunnel headers.
7e752c
7e752c
    For example, here's decap rule that matches on the tunnel tos:
7e752c
7e752c
    tc filter add dev vxlan_sys_4789 protocol ip parent ffff: prio 10 flower \
7e752c
       enc_src_ip 192.168.10.2 enc_dst_ip 192.168.10.1 enc_key_id 100 enc_dst_port 4789 enc_tos 0x30 \
7e752c
       src_mac e4:11:22:33:44:70 dst_mac e4:11:22:33:44:50  \
7e752c
       action tunnel_key unset \
7e752c
       action mirred egress redirect dev eth0_0
7e752c
7e752c
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
7e752c
    Reviewed-by: Roi Dayan <roid@mellanox.com>
7e752c
    Acked-by: Jiri Pirko <jiri@mellanox.com>
7e752c
    Signed-off-by: David Ahern <dsahern@gmail.com>
7e752c
---
7e752c
 man/man8/tc-flower.8 | 14 +++++++++++++-
7e752c
 tc/f_flower.c        | 27 +++++++++++++++++++++++++++
7e752c
 2 files changed, 40 insertions(+), 1 deletion(-)
7e752c
7e752c
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
7e752c
index 4f3714b..f917f24 100644
7e752c
--- a/man/man8/tc-flower.8
7e752c
+++ b/man/man8/tc-flower.8
7e752c
@@ -70,6 +70,10 @@ flower \- flow based traffic control filter
7e752c
 .IR ipv4_address " | " ipv6_address " } | "
7e752c
 .B enc_dst_port
7e752c
 .IR port_number " | "
7e752c
+.B enc_tos
7e752c
+.IR TOS " | "
7e752c
+.B enc_ttl
7e752c
+.IR TTL " | "
7e752c
 .BR ip_flags
7e752c
 .IR IP_FLAGS
7e752c
 .SH DESCRIPTION
7e752c
@@ -252,6 +256,10 @@ bits is assumed.
7e752c
 .BI enc_src_ip " PREFIX"
7e752c
 .TQ
7e752c
 .BI enc_dst_port " NUMBER"
7e752c
+.TQ
7e752c
+.BI enc_tos " NUMBER"
7e752c
+.TQ
7e752c
+.BI enc_ttl " NUMBER"
7e752c
 Match on IP tunnel metadata. Key id
7e752c
 .I NUMBER
7e752c
 is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
7e752c
@@ -260,7 +268,11 @@ must be a valid IPv4 or IPv6 address optionally followed by a slash and the
7e752c
 prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
7e752c
 host match.  Dst port
7e752c
 .I NUMBER
7e752c
-is a 16 bit UDP dst port.
7e752c
+is a 16 bit UDP dst port. Tos
7e752c
+.I NUMBER
7e752c
+is an 8 bit tos (dscp+ecn) value, ttl
7e752c
+.I NUMBER
7e752c
+is an 8 bit time-to-live value.
7e752c
 .TP
7e752c
 .BI ip_flags " IP_FLAGS"
7e752c
 .I IP_FLAGS
7e752c
diff --git a/tc/f_flower.c b/tc/f_flower.c
7e752c
index 1dfd57d..cd102f2 100644
7e752c
--- a/tc/f_flower.c
7e752c
+++ b/tc/f_flower.c
7e752c
@@ -74,6 +74,8 @@ static void explain(void)
7e752c
 		"                       enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
7e752c
 		"                       enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
7e752c
 		"                       enc_key_id [ KEY-ID ] |\n"
7e752c
+		"                       enc_tos MASKED-IP_TOS |\n"
7e752c
+		"                       enc_ttl MASKED-IP_TTL |\n"
7e752c
 		"                       ip_flags IP-FLAGS | \n"
7e752c
 		"                       enc_dst_port [ port_number ] }\n"
7e752c
 		"       FILTERID := X:Y:Z\n"
7e752c
@@ -972,6 +974,26 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
7e752c
 				fprintf(stderr, "Illegal \"enc_dst_port\"\n");
7e752c
 				return -1;
7e752c
 			}
7e752c
+		} else if (matches(*argv, "enc_tos") == 0) {
7e752c
+			NEXT_ARG();
7e752c
+			ret = flower_parse_ip_tos_ttl(*argv,
7e752c
+						      TCA_FLOWER_KEY_ENC_IP_TOS,
7e752c
+						      TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
7e752c
+						      n);
7e752c
+			if (ret < 0) {
7e752c
+				fprintf(stderr, "Illegal \"enc_tos\"\n");
7e752c
+				return -1;
7e752c
+			}
7e752c
+		} else if (matches(*argv, "enc_ttl") == 0) {
7e752c
+			NEXT_ARG();
7e752c
+			ret = flower_parse_ip_tos_ttl(*argv,
7e752c
+						      TCA_FLOWER_KEY_ENC_IP_TTL,
7e752c
+						      TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
7e752c
+						      n);
7e752c
+			if (ret < 0) {
7e752c
+				fprintf(stderr, "Illegal \"enc_ttl\"\n");
7e752c
+				return -1;
7e752c
+			}
7e752c
 		} else if (matches(*argv, "action") == 0) {
7e752c
 			NEXT_ARG();
7e752c
 			ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
7e752c
@@ -1463,6 +1485,11 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
7e752c
 
7e752c
 	flower_print_port("enc_dst_port", tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
7e752c
 
7e752c
+	flower_print_ip_attr("enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
7e752c
+			    tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
7e752c
+	flower_print_ip_attr("enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
7e752c
+			    tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
7e752c
+
7e752c
 	flower_print_matching_flags("ip_flags", FLOWER_IP_FLAGS,
7e752c
 				    tb[TCA_FLOWER_KEY_FLAGS],
7e752c
 				    tb[TCA_FLOWER_KEY_FLAGS_MASK]);
7e752c
-- 
7e752c
1.8.3.1
7e752c