From cac52dd831b6982f6b27b02c26243edbe0b7d747 Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: From: Andrea Claudi Date: Fri, 29 Jan 2021 00:35:03 +0100 Subject: [PATCH] m_vlan: add pop_eth and push_eth actions Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1885770 Upstream Status: unknown commit d61167dd commit d61167dd88b45832843b1458cd156f3b85c8ff16 Author: Guillaume Nault Date: Mon Oct 19 17:23:01 2020 +0200 m_vlan: add pop_eth and push_eth actions Add support for the new TCA_VLAN_ACT_POP_ETH and TCA_VLAN_ACT_PUSH_ETH actions (kernel commit 19fbcb36a39e ("net/sched: act_vlan: Add {POP,PUSH}_ETH actions"). These action let TC remove or add the Ethernet at the head of a frame. Drop an Ethernet header: # tc filter add dev ethX matchall action vlan pop_eth Push an Ethernet header (the original frame must have no MAC header): # tc filter add dev ethX matchall action vlan \ push_eth dst_mac 0a:00:00:00:00:02 src_mac 0a:00:00:00:00:01 Also add a test suite for m_vlan, which covers these new actions and the pre-existing ones. Signed-off-by: Guillaume Nault Signed-off-by: David Ahern --- man/man8/tc-vlan.8 | 39 +++++++++++++++++- tc/m_vlan.c | 69 +++++++++++++++++++++++++++++++ testsuite/tests/tc/vlan.t | 86 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 192 insertions(+), 2 deletions(-) create mode 100755 testsuite/tests/tc/vlan.t diff --git a/man/man8/tc-vlan.8 b/man/man8/tc-vlan.8 index f5ffc25f..5c2808b1 100644 --- a/man/man8/tc-vlan.8 +++ b/man/man8/tc-vlan.8 @@ -5,8 +5,8 @@ vlan - vlan manipulation module .SH SYNOPSIS .in +8 .ti -8 -.BR tc " ... " "action vlan" " { " pop " |" -.IR PUSH " | " MODIFY " } [ " CONTROL " ]" +.BR tc " ... " "action vlan" " { " pop " | " pop_eth " |" +.IR PUSH " | " MODIFY " | " PUSH_ETH " } [ " CONTROL " ]" .ti -8 .IR PUSH " := " @@ -24,6 +24,11 @@ vlan - vlan manipulation module .IR VLANPRIO " ] " .BI id " VLANID" +.ti -8 +.IR PUSH_ETH " := " +.B push_eth +.BI dst_mac " LLADDR " src_mac " LLADDR " + .ti -8 .IR CONTROL " := { " .BR reclassify " | " pipe " | " drop " | " continue " | " pass " | " goto " " chain " " CHAIN_INDEX " }" @@ -43,6 +48,20 @@ modes require at least a and allow to optionally choose the .I VLANPROTO to use. + +The +.B vlan +action can also be used to add or remove the base Ethernet header. The +.B pop_eth +mode, which takes no argument, is used to remove the base Ethernet header. All +existing VLANs must have been previously dropped. The opposite operation, +adding a base Ethernet header, is done with the +.B push_eth +mode. In that case, the packet must have no MAC header (stacking MAC headers is +not permitted). This mode is mostly useful when a previous action has +encapsulated the whole original frame behind a network header and one needs +to prepend an Ethernet header before forwarding the resulting packet. + .SH OPTIONS .TP .B pop @@ -58,6 +77,16 @@ Replace mode. Existing 802.1Q tag is replaced. Requires at least .B id option. .TP +.B pop_eth +Ethernet header decapsulation mode. Only works on a plain Ethernet header: +VLANs, if any, must be removed first. +.TP +.B push_eth +Ethernet header encapsulation mode. The Ethertype is automatically set +using the network header type. Chaining Ethernet headers is not allowed: the +packet must have no MAC header when using this mode. Requires the +.BR "dst_mac " and " src_mac " options. +.TP .BI id " VLANID" Specify the VLAN ID to encapsulate into. .I VLANID @@ -73,6 +102,12 @@ Choose the VLAN protocol to use. At the time of writing, the kernel accepts only .BI priority " VLANPRIO" Choose the VLAN priority to use. Decimal number in range of 0-7. .TP +.BI dst_mac " LLADDR" +Choose the destination MAC address to use. +.TP +.BI src_mac " LLADDR" +Choose the source MAC address to use. +.TP .I CONTROL How to continue after executing this action. .RS diff --git a/tc/m_vlan.c b/tc/m_vlan.c index 1096ba0f..e6b21330 100644 --- a/tc/m_vlan.c +++ b/tc/m_vlan.c @@ -23,6 +23,8 @@ static const char * const action_names[] = { [TCA_VLAN_ACT_POP] = "pop", [TCA_VLAN_ACT_PUSH] = "push", [TCA_VLAN_ACT_MODIFY] = "modify", + [TCA_VLAN_ACT_POP_ETH] = "pop_eth", + [TCA_VLAN_ACT_PUSH_ETH] = "push_eth", }; static void explain(void) @@ -31,6 +33,8 @@ static void explain(void) "Usage: vlan pop\n" " vlan push [ protocol VLANPROTO ] id VLANID [ priority VLANPRIO ] [CONTROL]\n" " vlan modify [ protocol VLANPROTO ] id VLANID [ priority VLANPRIO ] [CONTROL]\n" + " vlan pop_eth [CONTROL]\n" + " vlan push_eth dst_mac LLADDR src_mac LLADDR [CONTROL]\n" " VLANPROTO is one of 802.1Q or 802.1AD\n" " with default: 802.1Q\n" " CONTROL := reclassify | pipe | drop | continue | pass |\n" @@ -63,6 +67,10 @@ static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p, char **argv = *argv_p; struct rtattr *tail; int action = 0; + char dst_mac[ETH_ALEN] = {}; + int dst_mac_set = 0; + char src_mac[ETH_ALEN] = {}; + int src_mac_set = 0; __u16 id; int id_set = 0; __u16 proto; @@ -95,6 +103,18 @@ static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p, return -1; } action = TCA_VLAN_ACT_MODIFY; + } else if (matches(*argv, "pop_eth") == 0) { + if (action) { + unexpected(*argv); + return -1; + } + action = TCA_VLAN_ACT_POP_ETH; + } else if (matches(*argv, "push_eth") == 0) { + if (action) { + unexpected(*argv); + return -1; + } + action = TCA_VLAN_ACT_PUSH_ETH; } else if (matches(*argv, "id") == 0) { if (!has_push_attribs(action)) invarg("only valid for push/modify", *argv); @@ -119,6 +139,22 @@ static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p, if (get_u8(&prio, *argv, 0) || (prio & ~0x7)) invarg("prio is invalid", *argv); prio_set = 1; + } else if (matches(*argv, "dst_mac") == 0) { + if (action != TCA_VLAN_ACT_PUSH_ETH) + invarg("only valid for push_eth", *argv); + + NEXT_ARG(); + if (ll_addr_a2n(dst_mac, sizeof(dst_mac), *argv) < 0) + invarg("dst_mac is invalid", *argv); + dst_mac_set = 1; + } else if (matches(*argv, "src_mac") == 0) { + if (action != TCA_VLAN_ACT_PUSH_ETH) + invarg("only valid for push_eth", *argv); + + NEXT_ARG(); + if (ll_addr_a2n(src_mac, sizeof(src_mac), *argv) < 0) + invarg("src_mac is invalid", *argv); + src_mac_set = 1; } else if (matches(*argv, "help") == 0) { usage(); } else { @@ -150,6 +186,20 @@ static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p, return -1; } + if (action == TCA_VLAN_ACT_PUSH_ETH) { + if (!dst_mac_set) { + fprintf(stderr, "dst_mac needs to be set for %s\n", + action_names[action]); + explain(); + return -1; + } else if (!src_mac_set) { + fprintf(stderr, "src_mac needs to be set for %s\n", + action_names[action]); + explain(); + return -1; + } + } + parm.v_action = action; tail = addattr_nest(n, MAX_MSG, tca_id); addattr_l(n, MAX_MSG, TCA_VLAN_PARMS, &parm, sizeof(parm)); @@ -167,6 +217,12 @@ static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p, } if (prio_set) addattr8(n, MAX_MSG, TCA_VLAN_PUSH_VLAN_PRIORITY, prio); + if (dst_mac_set) + addattr_l(n, MAX_MSG, TCA_VLAN_PUSH_ETH_DST, dst_mac, + sizeof(dst_mac)); + if (src_mac_set) + addattr_l(n, MAX_MSG, TCA_VLAN_PUSH_ETH_SRC, src_mac, + sizeof(src_mac)); addattr_nest_end(n, tail); @@ -216,6 +272,19 @@ static int print_vlan(struct action_util *au, FILE *f, struct rtattr *arg) print_uint(PRINT_ANY, "priority", " priority %u", val); } break; + case TCA_VLAN_ACT_PUSH_ETH: + if (tb[TCA_VLAN_PUSH_ETH_DST] && + RTA_PAYLOAD(tb[TCA_VLAN_PUSH_ETH_DST]) == ETH_ALEN) { + ll_addr_n2a(RTA_DATA(tb[TCA_VLAN_PUSH_ETH_DST]), + ETH_ALEN, 0, b1, sizeof(b1)); + print_string(PRINT_ANY, "dst_mac", " dst_mac %s", b1); + } + if (tb[TCA_VLAN_PUSH_ETH_SRC && + RTA_PAYLOAD(tb[TCA_VLAN_PUSH_ETH_SRC]) == ETH_ALEN]) { + ll_addr_n2a(RTA_DATA(tb[TCA_VLAN_PUSH_ETH_SRC]), + ETH_ALEN, 0, b1, sizeof(b1)); + print_string(PRINT_ANY, "src_mac", " src_mac %s", b1); + } } print_action_control(f, " ", parm->action, ""); diff --git a/testsuite/tests/tc/vlan.t b/testsuite/tests/tc/vlan.t new file mode 100755 index 00000000..b86dc364 --- /dev/null +++ b/testsuite/tests/tc/vlan.t @@ -0,0 +1,86 @@ +#!/bin/sh + +. lib/generic.sh + +DEV="$(rand_dev)" +ts_ip "$0" "Add $DEV dummy interface" link add dev $DEV up type dummy +ts_tc "$0" "Add ingress qdisc" qdisc add dev $DEV ingress + +reset_qdisc() +{ + ts_tc "$0" "Remove ingress qdisc" qdisc del dev $DEV ingress + ts_tc "$0" "Add ingress qdisc" qdisc add dev $DEV ingress +} + +ts_tc "$0" "Add vlan action pop" \ + filter add dev $DEV ingress matchall action vlan pop +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "pop" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action push (default parameters)" \ + filter add dev $DEV ingress matchall action vlan push id 5 +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "push" +test_on "id 5" +test_on "protocol 802.1Q" +test_on "priority 0" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action push (explicit parameters)" \ + filter add dev $DEV ingress matchall \ + action vlan push id 5 protocol 802.1ad priority 2 +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "push" +test_on "id 5" +test_on "protocol 802.1ad" +test_on "priority 2" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action modify (default parameters)" \ + filter add dev $DEV ingress matchall action vlan modify id 5 +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "modify" +test_on "id 5" +test_on "protocol 802.1Q" +test_on "priority 0" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action modify (explicit parameters)" \ + filter add dev $DEV ingress matchall \ + action vlan modify id 5 protocol 802.1ad priority 2 +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "modify" +test_on "id 5" +test_on "protocol 802.1ad" +test_on "priority 2" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action pop_eth" \ + filter add dev $DEV ingress matchall action vlan pop_eth +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "pop_eth" +test_on "pipe" + +reset_qdisc +ts_tc "$0" "Add vlan action push_eth" \ + filter add dev $DEV ingress matchall \ + action vlan push_eth dst_mac 02:00:00:00:00:02 \ + src_mac 02:00:00:00:00:01 +ts_tc "$0" "Show ingress filters" filter show dev $DEV ingress +test_on "vlan" +test_on "push_eth" +test_on "dst_mac 02:00:00:00:00:02" +test_on "src_mac 02:00:00:00:00:01" +test_on "pipe" -- 2.29.2