|
|
99be8f |
From 738c49477eb843b37cb799115e5b562303bfcd9e Mon Sep 17 00:00:00 2001
|
|
|
99be8f |
From: Phil Sutter <psutter@redhat.com>
|
|
|
99be8f |
Date: Wed, 6 Feb 2019 14:51:12 +0100
|
|
|
99be8f |
Subject: [PATCH] tc/flower: Add match on encapsulating tos/ttl
|
|
|
99be8f |
|
|
|
99be8f |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641909
|
|
|
99be8f |
Upstream Status: iproute2.git commit 761ec9e29ff86
|
|
|
99be8f |
Conflicts: Adjusted code to missing commit e28b88a464c49
|
|
|
99be8f |
("tc: jsonify flower filter").
|
|
|
99be8f |
|
|
|
99be8f |
commit 761ec9e29ff867452057f59dc6ca430688b409ea
|
|
|
99be8f |
Author: Or Gerlitz <ogerlitz@mellanox.com>
|
|
|
99be8f |
Date: Thu Jul 19 14:02:15 2018 +0300
|
|
|
99be8f |
|
|
|
99be8f |
tc/flower: Add match on encapsulating tos/ttl
|
|
|
99be8f |
|
|
|
99be8f |
Add matching on tos/ttl of the IP tunnel headers.
|
|
|
99be8f |
|
|
|
99be8f |
For example, here's decap rule that matches on the tunnel tos:
|
|
|
99be8f |
|
|
|
99be8f |
tc filter add dev vxlan_sys_4789 protocol ip parent ffff: prio 10 flower \
|
|
|
99be8f |
enc_src_ip 192.168.10.2 enc_dst_ip 192.168.10.1 enc_key_id 100 enc_dst_port 4789 enc_tos 0x30 \
|
|
|
99be8f |
src_mac e4:11:22:33:44:70 dst_mac e4:11:22:33:44:50 \
|
|
|
99be8f |
action tunnel_key unset \
|
|
|
99be8f |
action mirred egress redirect dev eth0_0
|
|
|
99be8f |
|
|
|
99be8f |
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
|
|
|
99be8f |
Reviewed-by: Roi Dayan <roid@mellanox.com>
|
|
|
99be8f |
Acked-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
99be8f |
Signed-off-by: David Ahern <dsahern@gmail.com>
|
|
|
99be8f |
---
|
|
|
99be8f |
man/man8/tc-flower.8 | 14 +++++++++++++-
|
|
|
99be8f |
tc/f_flower.c | 27 +++++++++++++++++++++++++++
|
|
|
99be8f |
2 files changed, 40 insertions(+), 1 deletion(-)
|
|
|
99be8f |
|
|
|
99be8f |
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
|
|
|
d30c09 |
index be46f0278b4ff..af19708d9649e 100644
|
|
|
99be8f |
--- a/man/man8/tc-flower.8
|
|
|
99be8f |
+++ b/man/man8/tc-flower.8
|
|
|
99be8f |
@@ -57,6 +57,10 @@ flower \- flow based traffic control filter
|
|
|
99be8f |
.IR ipv4_address " | " ipv6_address " } | "
|
|
|
99be8f |
.B enc_dst_port
|
|
|
99be8f |
.IR port_number " | "
|
|
|
99be8f |
+.B enc_tos
|
|
|
99be8f |
+.IR TOS " | "
|
|
|
99be8f |
+.B enc_ttl
|
|
|
99be8f |
+.IR TTL " | "
|
|
|
99be8f |
.BR ip_flags
|
|
|
99be8f |
.IR IP_FLAGS
|
|
|
99be8f |
.SH DESCRIPTION
|
|
|
99be8f |
@@ -207,6 +211,10 @@ bits is assumed.
|
|
|
99be8f |
.BI enc_src_ip " PREFIX"
|
|
|
99be8f |
.TQ
|
|
|
99be8f |
.BI enc_dst_port " NUMBER"
|
|
|
99be8f |
+.TQ
|
|
|
99be8f |
+.BI enc_tos " NUMBER"
|
|
|
99be8f |
+.TQ
|
|
|
99be8f |
+.BI enc_ttl " NUMBER"
|
|
|
99be8f |
Match on IP tunnel metadata. Key id
|
|
|
99be8f |
.I NUMBER
|
|
|
99be8f |
is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
|
|
|
99be8f |
@@ -215,7 +223,11 @@ must be a valid IPv4 or IPv6 address optionally followed by a slash and the
|
|
|
99be8f |
prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
|
|
|
99be8f |
host match. Dst port
|
|
|
99be8f |
.I NUMBER
|
|
|
99be8f |
-is a 16 bit UDP dst port.
|
|
|
99be8f |
+is a 16 bit UDP dst port. Tos
|
|
|
99be8f |
+.I NUMBER
|
|
|
99be8f |
+is an 8 bit tos (dscp+ecn) value, ttl
|
|
|
99be8f |
+.I NUMBER
|
|
|
99be8f |
+is an 8 bit time-to-live value.
|
|
|
99be8f |
.TP
|
|
|
99be8f |
.BI ip_flags " IP_FLAGS"
|
|
|
99be8f |
.I IP_FLAGS
|
|
|
99be8f |
diff --git a/tc/f_flower.c b/tc/f_flower.c
|
|
|
d30c09 |
index 5be693ab7f6af..5f5236ca523f8 100644
|
|
|
99be8f |
--- a/tc/f_flower.c
|
|
|
99be8f |
+++ b/tc/f_flower.c
|
|
|
99be8f |
@@ -70,6 +70,8 @@ static void explain(void)
|
|
|
99be8f |
" enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
99be8f |
" enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
99be8f |
" enc_key_id [ KEY-ID ] |\n"
|
|
|
99be8f |
+ " enc_tos MASKED-IP_TOS |\n"
|
|
|
99be8f |
+ " enc_ttl MASKED-IP_TTL |\n"
|
|
|
99be8f |
" ip_flags IP-FLAGS | \n"
|
|
|
99be8f |
" enc_dst_port [ port_number ] }\n"
|
|
|
99be8f |
" FILTERID := X:Y:Z\n"
|
|
|
99be8f |
@@ -883,6 +885,26 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
|
|
|
99be8f |
fprintf(stderr, "Illegal \"enc_dst_port\"\n");
|
|
|
99be8f |
return -1;
|
|
|
99be8f |
}
|
|
|
99be8f |
+ } else if (matches(*argv, "enc_tos") == 0) {
|
|
|
99be8f |
+ NEXT_ARG();
|
|
|
99be8f |
+ ret = flower_parse_ip_tos_ttl(*argv,
|
|
|
99be8f |
+ TCA_FLOWER_KEY_ENC_IP_TOS,
|
|
|
99be8f |
+ TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
|
|
|
99be8f |
+ n);
|
|
|
99be8f |
+ if (ret < 0) {
|
|
|
99be8f |
+ fprintf(stderr, "Illegal \"enc_tos\"\n");
|
|
|
99be8f |
+ return -1;
|
|
|
99be8f |
+ }
|
|
|
99be8f |
+ } else if (matches(*argv, "enc_ttl") == 0) {
|
|
|
99be8f |
+ NEXT_ARG();
|
|
|
99be8f |
+ ret = flower_parse_ip_tos_ttl(*argv,
|
|
|
99be8f |
+ TCA_FLOWER_KEY_ENC_IP_TTL,
|
|
|
99be8f |
+ TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
|
|
|
99be8f |
+ n);
|
|
|
99be8f |
+ if (ret < 0) {
|
|
|
99be8f |
+ fprintf(stderr, "Illegal \"enc_ttl\"\n");
|
|
|
99be8f |
+ return -1;
|
|
|
99be8f |
+ }
|
|
|
99be8f |
} else if (matches(*argv, "action") == 0) {
|
|
|
99be8f |
NEXT_ARG();
|
|
|
99be8f |
ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
|
|
|
99be8f |
@@ -1296,6 +1318,11 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
|
|
|
99be8f |
flower_print_port(f, "enc_dst_port",
|
|
|
99be8f |
tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
|
|
|
99be8f |
|
|
|
99be8f |
+ flower_print_ip_attr(f, "enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
|
|
|
99be8f |
+ tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
|
|
|
99be8f |
+ flower_print_ip_attr(f, "enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
|
|
|
99be8f |
+ tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
|
|
|
99be8f |
+
|
|
|
99be8f |
flower_print_matching_flags(f, "ip_flags",
|
|
|
99be8f |
FLOWER_IP_FLAGS,
|
|
|
99be8f |
tb[TCA_FLOWER_KEY_FLAGS],
|
|
|
99be8f |
--
|
|
|
d30c09 |
2.21.0
|
|
|
99be8f |
|