Re: [PATCH RFC net-next 1/4] ipv4: fib_rules: support match on sport, dport and ip proto

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Dumazet <eric.dumazet@gmail.com>
To: Roopa Prabhu <roopa@cumulusnetworks.com>, netdev@vger.kernel.org
Cc: dsa@cumulusnetworks.com, nikolay@cumulusnetworks.com
Subject: Re: [PATCH RFC net-next 1/4] ipv4: fib_rules: support match on sport, dport and ip proto
Date: Mon, 12 Feb 2018 12:49:33 -0800	[thread overview]
Message-ID: <1518468573.3715.163.camel@gmail.com> (raw)
In-Reply-To: <1518387989-33735-2-git-send-email-roopa@cumulusnetworks.com>

On Sun, 2018-02-11 at 14:26 -0800, Roopa Prabhu wrote:
> From: Roopa Prabhu <roopa@cumulusnetworks.com>
> 
> Add support to match on src port, dst port and ip protocol.
> 
> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
> ---
>  include/uapi/linux/fib_rules.h |  3 +++
>  net/ipv4/fib_rules.c           | 46 ++++++++++++++++++++++++++++++++++++++++--
>  2 files changed, 47 insertions(+), 2 deletions(-)
> 
> diff --git a/include/uapi/linux/fib_rules.h b/include/uapi/linux/fib_rules.h
> index 2b642bf..79ff3c2 100644
> --- a/include/uapi/linux/fib_rules.h
> +++ b/include/uapi/linux/fib_rules.h
> @@ -58,6 +58,9 @@ enum {
>  	FRA_PAD,
>  	FRA_L3MDEV,	/* iif or oif is l3mdev goto its table */
>  	FRA_UID_RANGE,	/* UID range */
> +	FRA_PROTO,	/* ip proto */
> +	FRA_SPORT,	/* sport */
> +	FRA_DPORT,	/* dport */
>  	__FRA_MAX
>  };
>  
> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
> index 35d646a..f204c85 100644
> --- a/net/ipv4/fib_rules.c
> +++ b/net/ipv4/fib_rules.c
> @@ -45,13 +45,17 @@ struct fib4_rule {
>  #ifdef CONFIG_IP_ROUTE_CLASSID
>  	u32			tclassid;
>  #endif
> +	__be16			sport;
> +	__be16			dport;
> +	u8			proto;
>  };
>  
>  static bool fib4_rule_matchall(const struct fib_rule *rule)
>  {
>  	struct fib4_rule *r = container_of(rule, struct fib4_rule, common);
>  
> -	if (r->dst_len || r->src_len || r->tos)
> +	if (r->dst_len || r->src_len || r->tos || r->proto || r->sport ||
> +	    r->dport)
>  		return false;
>  	return fib_rule_matchall(rule);
>  }
> @@ -182,6 +186,15 @@ static int fib4_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
>  	if (r->tos && (r->tos != fl4->flowi4_tos))
>  		return 0;
>  
> +	if (r->proto && (r->proto != fl4->flowi4_proto))
> +		return 0;
> +
> +	if (r->sport && (r->sport != fl4->fl4_sport))
> +		return 0;
> +
> +	if (r->dport && (r->dport != fl4->fl4_dport))
> +		return 0;
> +

Any setup with about 20 rules to be evaluated (per packet cost) will
feel the pain...

I wonder if we could JIT/eBPF this thing.

next prev parent reply	other threads:[~2018-02-12 20:49 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-11 22:26 [PATCH RFC net-next 0/4] fib_rules: support sport, dport and proto match Roopa Prabhu
2018-02-11 22:26 ` [PATCH RFC net-next 1/4] ipv4: fib_rules: support match on sport, dport and ip proto Roopa Prabhu
2018-02-12 20:49   ` Eric Dumazet [this message]
2018-02-12 21:05     ` David Miller
2018-02-12 21:07       ` David Ahern
2018-02-12 21:54       ` Eric Dumazet
2018-02-12 23:03         ` David Ahern
2018-02-13  0:03         ` David Miller
2018-02-13 16:19           ` Roopa Prabhu
2018-02-13 16:34             ` David Miller
2018-02-13 16:36               ` Roopa Prabhu
2018-02-13 18:21           ` Ben Greear
2018-02-11 22:26 ` [PATCH RFC net-next 2/4] ipv6: fib6_rules: support for " Roopa Prabhu
2018-02-11 22:26 ` [PATCH RFC net-next 3/4] ipv4: route: dissect flow in input path if fib rules need it Roopa Prabhu
2018-02-11 22:26 ` [PATCH RFC net-next 4/4] ipv6: " Roopa Prabhu
2018-02-12  7:44   ` Ido Schimmel
2018-02-12 16:21     ` Roopa Prabhu
2018-02-12 20:36 ` [PATCH RFC net-next 0/4] fib_rules: support sport, dport and proto match David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1518468573.3715.163.camel@gmail.com \
    --to=eric.dumazet@gmail.com \
    --cc=dsa@cumulusnetworks.com \
    --cc=netdev@vger.kernel.org \
    --cc=nikolay@cumulusnetworks.com \
    --cc=roopa@cumulusnetworks.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.