naccyde / rpms / iproute

Forked from rpms/iproute 9 months ago
Clone

Blame SOURCES/0048-tc-flower-Add-match-on-encapsulating-tos-ttl.patch

99be8f
From 738c49477eb843b37cb799115e5b562303bfcd9e Mon Sep 17 00:00:00 2001
99be8f
From: Phil Sutter <psutter@redhat.com>
99be8f
Date: Wed, 6 Feb 2019 14:51:12 +0100
99be8f
Subject: [PATCH] tc/flower: Add match on encapsulating tos/ttl
99be8f
99be8f
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641909
99be8f
Upstream Status: iproute2.git commit 761ec9e29ff86
99be8f
Conflicts: Adjusted code to missing commit e28b88a464c49
99be8f
           ("tc: jsonify flower filter").
99be8f
99be8f
commit 761ec9e29ff867452057f59dc6ca430688b409ea
99be8f
Author: Or Gerlitz <ogerlitz@mellanox.com>
99be8f
Date:   Thu Jul 19 14:02:15 2018 +0300
99be8f
99be8f
    tc/flower: Add match on encapsulating tos/ttl
99be8f
99be8f
    Add matching on tos/ttl of the IP tunnel headers.
99be8f
99be8f
    For example, here's decap rule that matches on the tunnel tos:
99be8f
99be8f
    tc filter add dev vxlan_sys_4789 protocol ip parent ffff: prio 10 flower \
99be8f
       enc_src_ip 192.168.10.2 enc_dst_ip 192.168.10.1 enc_key_id 100 enc_dst_port 4789 enc_tos 0x30 \
99be8f
       src_mac e4:11:22:33:44:70 dst_mac e4:11:22:33:44:50  \
99be8f
       action tunnel_key unset \
99be8f
       action mirred egress redirect dev eth0_0
99be8f
99be8f
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
99be8f
    Reviewed-by: Roi Dayan <roid@mellanox.com>
99be8f
    Acked-by: Jiri Pirko <jiri@mellanox.com>
99be8f
    Signed-off-by: David Ahern <dsahern@gmail.com>
99be8f
---
99be8f
 man/man8/tc-flower.8 | 14 +++++++++++++-
99be8f
 tc/f_flower.c        | 27 +++++++++++++++++++++++++++
99be8f
 2 files changed, 40 insertions(+), 1 deletion(-)
99be8f
99be8f
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
d30c09
index be46f0278b4ff..af19708d9649e 100644
99be8f
--- a/man/man8/tc-flower.8
99be8f
+++ b/man/man8/tc-flower.8
99be8f
@@ -57,6 +57,10 @@ flower \- flow based traffic control filter
99be8f
 .IR ipv4_address " | " ipv6_address " } | "
99be8f
 .B enc_dst_port
99be8f
 .IR port_number " | "
99be8f
+.B enc_tos
99be8f
+.IR TOS " | "
99be8f
+.B enc_ttl
99be8f
+.IR TTL " | "
99be8f
 .BR ip_flags
99be8f
 .IR IP_FLAGS
99be8f
 .SH DESCRIPTION
99be8f
@@ -207,6 +211,10 @@ bits is assumed.
99be8f
 .BI enc_src_ip " PREFIX"
99be8f
 .TQ
99be8f
 .BI enc_dst_port " NUMBER"
99be8f
+.TQ
99be8f
+.BI enc_tos " NUMBER"
99be8f
+.TQ
99be8f
+.BI enc_ttl " NUMBER"
99be8f
 Match on IP tunnel metadata. Key id
99be8f
 .I NUMBER
99be8f
 is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
99be8f
@@ -215,7 +223,11 @@ must be a valid IPv4 or IPv6 address optionally followed by a slash and the
99be8f
 prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
99be8f
 host match.  Dst port
99be8f
 .I NUMBER
99be8f
-is a 16 bit UDP dst port.
99be8f
+is a 16 bit UDP dst port. Tos
99be8f
+.I NUMBER
99be8f
+is an 8 bit tos (dscp+ecn) value, ttl
99be8f
+.I NUMBER
99be8f
+is an 8 bit time-to-live value.
99be8f
 .TP
99be8f
 .BI ip_flags " IP_FLAGS"
99be8f
 .I IP_FLAGS
99be8f
diff --git a/tc/f_flower.c b/tc/f_flower.c
d30c09
index 5be693ab7f6af..5f5236ca523f8 100644
99be8f
--- a/tc/f_flower.c
99be8f
+++ b/tc/f_flower.c
99be8f
@@ -70,6 +70,8 @@ static void explain(void)
99be8f
 		"                       enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
99be8f
 		"                       enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
99be8f
 		"                       enc_key_id [ KEY-ID ] |\n"
99be8f
+		"                       enc_tos MASKED-IP_TOS |\n"
99be8f
+		"                       enc_ttl MASKED-IP_TTL |\n"
99be8f
 		"                       ip_flags IP-FLAGS | \n"
99be8f
 		"                       enc_dst_port [ port_number ] }\n"
99be8f
 		"       FILTERID := X:Y:Z\n"
99be8f
@@ -883,6 +885,26 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
99be8f
 				fprintf(stderr, "Illegal \"enc_dst_port\"\n");
99be8f
 				return -1;
99be8f
 			}
99be8f
+		} else if (matches(*argv, "enc_tos") == 0) {
99be8f
+			NEXT_ARG();
99be8f
+			ret = flower_parse_ip_tos_ttl(*argv,
99be8f
+						      TCA_FLOWER_KEY_ENC_IP_TOS,
99be8f
+						      TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
99be8f
+						      n);
99be8f
+			if (ret < 0) {
99be8f
+				fprintf(stderr, "Illegal \"enc_tos\"\n");
99be8f
+				return -1;
99be8f
+			}
99be8f
+		} else if (matches(*argv, "enc_ttl") == 0) {
99be8f
+			NEXT_ARG();
99be8f
+			ret = flower_parse_ip_tos_ttl(*argv,
99be8f
+						      TCA_FLOWER_KEY_ENC_IP_TTL,
99be8f
+						      TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
99be8f
+						      n);
99be8f
+			if (ret < 0) {
99be8f
+				fprintf(stderr, "Illegal \"enc_ttl\"\n");
99be8f
+				return -1;
99be8f
+			}
99be8f
 		} else if (matches(*argv, "action") == 0) {
99be8f
 			NEXT_ARG();
99be8f
 			ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
99be8f
@@ -1296,6 +1318,11 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
99be8f
 	flower_print_port(f, "enc_dst_port",
99be8f
 			  tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
99be8f
 
99be8f
+	flower_print_ip_attr(f, "enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
99be8f
+			    tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
99be8f
+	flower_print_ip_attr(f, "enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
99be8f
+			    tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
99be8f
+
99be8f
 	flower_print_matching_flags(f, "ip_flags",
99be8f
 				    FLOWER_IP_FLAGS,
99be8f
 				    tb[TCA_FLOWER_KEY_FLAGS],
99be8f
-- 
d30c09
2.21.0
99be8f