From cca177ccfd0b5ae01ed8954f36c913fd95ef4b84 Mon Sep 17 00:00:00 2001 From: Ivan Vecera Date: Wed, 31 May 2017 15:45:54 +0200 Subject: [PATCH 169/169] tc, clsact: add clsact frontend Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1435624 Upstream status: iproute2.git commit 8f9afdd531560 Upstream divergences: Only partially backported to provide 'ingress' keyword for 'tc filter' command. The commit itself provides support for 'clsact' qdisc that is not supported on RHEL. commit 8f9afdd531560c1534be44424669add2e19deeec Author: Daniel Borkmann Date: Tue Jan 12 01:42:20 2016 +0100 tc, clsact: add clsact frontend Add the tc part for the kernel commit 1f211a1b929c ("net, sched: add clsact qdisc"). Quoting example usage from that commit description: Example, adding qdisc: # tc qdisc add dev foo clsact # tc qdisc show dev foo qdisc mq 0: root qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc clsact ffff: parent ffff:fff1 Adding filters (deleting, etc works analogous by specifying ingress/egress): # tc filter add dev foo ingress bpf da obj bar.o sec ingress # tc filter add dev foo egress bpf da obj bar.o sec egress # tc filter show dev foo ingress filter protocol all pref 49152 bpf filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action # tc filter show dev foo egress filter protocol all pref 49152 bpf filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action The ingress parent alias can also be used with ingress qdisc. Signed-off-by: Daniel Borkmann Signed-off-by: Ivan Vecera --- tc/tc_filter.c | 46 ++++++++++++++++++++++++++++++++++++++-------- tc/tc_qdisc.c | 3 --- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/tc/tc_filter.c b/tc/tc_filter.c index e76d616f..2a303c04 100644 --- a/tc/tc_filter.c +++ b/tc/tc_filter.c @@ -26,25 +26,21 @@ #include "tc_util.h" #include "tc_common.h" -static void usage(void); - static void usage(void) { fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"); fprintf(stderr, " [ pref PRIO ] protocol PROTO\n"); fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n"); - fprintf(stderr, " [ root | classid CLASSID ] [ handle FILTERID ]\n"); - fprintf(stderr, " [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"); + fprintf(stderr, " [ root | ingress | egress | parent CLASSID ]\n"); + fprintf(stderr, " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"); fprintf(stderr, "\n"); - fprintf(stderr, " tc filter show [ dev STRING ] [ root | parent CLASSID ]\n"); + fprintf(stderr, " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"); fprintf(stderr, "Where:\n"); fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | fw | route | etc. }\n"); fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n"); fprintf(stderr, "OPTIONS := ... try tc filter add help\n"); - return; } - static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) { struct { @@ -87,6 +83,20 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) return -1; } req.t.tcm_parent = TC_H_ROOT; + } else if (strcmp(*argv, "ingress") == 0) { + if (req.t.tcm_parent) { + fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); + return -1; + } + req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_INGRESS); + } else if (strcmp(*argv, "egress") == 0) { + if (req.t.tcm_parent) { + fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); + return -1; + } + req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_EGRESS); } else if (strcmp(*argv, "parent") == 0) { __u32 handle; NEXT_ARG(); @@ -220,11 +230,16 @@ int print_filter(const struct sockaddr_nl *who, if (!filter_parent || filter_parent != t->tcm_parent) { if (t->tcm_parent == TC_H_ROOT) fprintf(fp, "root "); + else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS)) + fprintf(fp, "ingress "); + else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS)) + fprintf(fp, "egress "); else { print_tc_classid(abuf, sizeof(abuf), t->tcm_parent); fprintf(fp, "parent %s ", abuf); } } + if (t->tcm_info) { f_proto = TC_H_MIN(t->tcm_info); __u32 prio = TC_H_MAJ(t->tcm_info)>>16; @@ -259,7 +274,6 @@ int print_filter(const struct sockaddr_nl *who, return 0; } - static int tc_filter_list(int argc, char **argv) { struct tcmsg t; @@ -284,6 +298,22 @@ static int tc_filter_list(int argc, char **argv) return -1; } filter_parent = t.tcm_parent = TC_H_ROOT; + } else if (strcmp(*argv, "ingress") == 0) { + if (t.tcm_parent) { + fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); + return -1; + } + filter_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_INGRESS); + t.tcm_parent = filter_parent; + } else if (strcmp(*argv, "egress") == 0) { + if (t.tcm_parent) { + fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); + return -1; + } + filter_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_EGRESS); + t.tcm_parent = filter_parent; } else if (strcmp(*argv, "parent") == 0) { __u32 handle; NEXT_ARG(); diff --git a/tc/tc_qdisc.c b/tc/tc_qdisc.c index c31ae8d2..61aec4f8 100644 --- a/tc/tc_qdisc.c +++ b/tc/tc_qdisc.c @@ -26,8 +26,6 @@ #include "tc_util.h" #include "tc_common.h" -static int usage(void); - static int usage(void) { fprintf(stderr, "Usage: tc qdisc [ add | del | replace | change | show ] dev STRING\n"); @@ -277,7 +275,6 @@ int print_qdisc(const struct sockaddr_nl *who, return 0; } - static int tc_qdisc_list(int argc, char **argv) { struct tcmsg t; -- 2.13.0