* [PATCHv2 iproute2-next] tc: m_ct: add support for helper
@ 2023-02-12 16:41 Xin Long
  2023-02-18 17:12 ` patchwork-bot+netdevbpf
  0 siblings, 1 reply; 2+ messages in thread
From: Xin Long @ 2023-02-12 16:41 UTC (permalink / raw)
  To: network dev, David Ahern, stephen
  Cc: Jamal Hadi Salim, Cong Wang, Jiri Pirko, Marcelo Ricardo Leitner,
	Davide Caratti

This patch is to add the setup and dump for helper in tc ct action
in userspace, and the support in kernel was added in:

  https://lore.kernel.org/netdev/cover.1667766782.git.lucien.xin@gmail.com/

here is an example for usage:

  # ip link add dummy0 type dummy
  # tc qdisc add dev dummy0 ingress

  # tc filter add dev dummy0 ingress proto ip flower ip_proto \
    tcp dst_port 21 ct_state -trk action ct helper ipv4-tcp-ftp

  # tc filter show dev dummy0 ingress
    filter protocol ip pref 49152 flower chain 0 handle 0x1
      eth_type ipv4
      ip_proto tcp
      dst_port 21
      ct_state -trk
      not_in_hw
        action order 1: ct zone 0 helper ipv4-tcp-ftp pipe
        index 1 ref 1 bind

v1->v2:
  - add dst_port 21 in the example tc flower rule in changelog
    as Marcelo noticed.
  - use snprintf to avoid possible string overflows as Stephen
    suggested in ct_print_helper().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
 tc/m_ct.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/tc/m_ct.c b/tc/m_ct.c
index 54d64867..3e2491b3 100644
--- a/tc/m_ct.c
+++ b/tc/m_ct.c
@@ -13,6 +13,7 @@
 #include <string.h>
 #include "utils.h"
 #include "tc_util.h"
+#include "rt_names.h"
 #include <linux/tc_act/tc_ct.h>
 
 static void
@@ -20,10 +21,11 @@ usage(void)
 {
 	fprintf(stderr,
 		"Usage: ct clear\n"
-		"	ct commit [force] [zone ZONE] [mark MASKED_MARK] [label MASKED_LABEL] [nat NAT_SPEC]\n"
+		"	ct commit [force] [zone ZONE] [mark MASKED_MARK] [label MASKED_LABEL] [nat NAT_SPEC] [helper HELPER]\n"
 		"	ct [nat] [zone ZONE]\n"
 		"Where: ZONE is the conntrack zone table number\n"
 		"	NAT_SPEC is {src|dst} addr addr1[-addr2] [port port1[-port2]]\n"
+		"	HELPER is family-proto-name such as ipv4-tcp-ftp\n"
 		"\n");
 	exit(-1);
 }
@@ -156,6 +158,30 @@ static int ct_parse_mark(char *str, struct nlmsghdr *n)
 	return ct_parse_u32(str, TCA_CT_MARK, TCA_CT_MARK_MASK, n);
 }
 
+static int ct_parse_helper(char *str, struct nlmsghdr *n)
+{
+	char f[32], p[32], name[32];
+	__u8 family, proto;
+
+	if (strlen(str) >= 32 ||
+	    sscanf(str, "%[^-]-%[^-]-%[^-]", f, p, name) != 3)
+		return -1;
+	if (!strcmp(f, "ipv4"))
+		family = AF_INET;
+	else if (!strcmp(f, "ipv6"))
+		family = AF_INET6;
+	else
+		return -1;
+	proto = inet_proto_a2n(p);
+	if (proto < 0)
+		return -1;
+
+	addattr8(n, MAX_MSG, TCA_CT_HELPER_FAMILY, family);
+	addattr8(n, MAX_MSG, TCA_CT_HELPER_PROTO, proto);
+	addattrstrz(n, MAX_MSG, TCA_CT_HELPER_NAME, name);
+	return 0;
+}
+
 static int ct_parse_labels(char *str, struct nlmsghdr *n)
 {
 #define LABELS_SIZE	16
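Review bot: In ct_parse_helper the `if (proto < 0)` test can never be true, because `proto` is declared `__u8`. If inet_proto_a2n reports an unknown protocol name with a negative value, as the test implies, that value is narrowed to 255 and sent as TCA_CT_HELPER_PROTO instead of being rejected. Declaring the variables as `__u8 family;` and `int proto;` makes the check effective before addattr8 narrows the value. The `%[^-]` conversions carry no field width and stay in bounds only because of the separate `strlen(str) >= 32` guard; writing `%31[^-]` would tie each bound to its 32-byte buffer. Input with a fourth dash-separated segment is accepted and its tail silently dropped, which may be worth rejecting.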
@@ -283,6 +309,14 @@ parse_ct(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 			}
 		} else if (matches(*argv, "help") == 0) {
 			usage();
+		} else if (matches(*argv, "helper") == 0) {
+			NEXT_ARG();
+
+			ret = ct_parse_helper(*argv, n);
+			if (ret) {
+				fprintf(stderr, "ct: Illegal \"helper\"\n");
+				return -1;
+			}
 		} else {
 			break;
 		}
@@ -436,6 +470,22 @@ static void ct_print_labels(struct rtattr *attr,
 	print_string(PRINT_ANY, "label", " label %s", out);
 }
 
+static void ct_print_helper(struct rtattr *family, struct rtattr *proto, struct rtattr *name)
+{
+	char helper[32], buf[32], *n;
+	int *f, *p;
+
+	if (!family || !proto || !name)
+		return;
+
+	f = RTA_DATA(family);
+	p = RTA_DATA(proto);
+	n = RTA_DATA(name);
+	snprintf(helper, sizeof(helper), "%s-%s-%s", (*f == AF_INET) ? "ipv4" : "ipv6",
+		 inet_proto_n2a(*p, buf, sizeof(buf)), n);
+	print_string(PRINT_ANY, "helper", " helper %s", helper);
+}
+
 static int print_ct(struct action_util *au, FILE *f, struct rtattr *arg)
 {
 	struct rtattr *tb[TCA_CT_MAX + 1];
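Review bot: ct_print_helper reads the family and protocol attributes through `int *` (`*f`, `*p`), while the parse side of this patch emits both with addattr8, so each dereference reads three bytes past a one-byte payload. On a big-endian host `*f == AF_INET` would presumably fail, and every helper would print as ipv6 with a wrong protocol. Reading at the real width avoids this: `__u8 f = rta_getattr_u8(family);` and `__u8 p = rta_getattr_u8(proto);`, then use `f` and `p` by value. The name goes to `%s` straight from `RTA_DATA(name)`, which trusts the sender to NUL-terminate it; `%.*s` with `(int)RTA_PAYLOAD(name)` would bound the read to the attribute. Any family other than AF_INET is labelled ipv6, so an explicit AF_INET6 check with a fallback for unknown values would keep the dump accurate.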
@@ -468,6 +518,7 @@ static int print_ct(struct action_util *au, FILE *f, struct rtattr *arg)
 	print_masked_u32("mark", tb[TCA_CT_MARK], tb[TCA_CT_MARK_MASK], false);
 	print_masked_u16("zone", tb[TCA_CT_ZONE], NULL, false);
 	ct_print_labels(tb[TCA_CT_LABELS], tb[TCA_CT_LABELS_MASK]);
+	ct_print_helper(tb[TCA_CT_HELPER_FAMILY], tb[TCA_CT_HELPER_PROTO], tb[TCA_CT_HELPER_NAME]);
 	ct_print_nat(ct_action, tb);
 
 	print_action_control(f, " ", p->action, "");
-- 
2.31.1



* Re: [PATCHv2 iproute2-next] tc: m_ct: add support for helper
  2023-02-12 16:41 [PATCHv2 iproute2-next] tc: m_ct: add support for helper Xin Long
@ 2023-02-18 17:12 ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-02-18 17:12 UTC (permalink / raw)
  To: Xin Long
  Cc: netdev, dsahern, stephen, jhs, xiyou.wangcong, jiri,
	marcelo.leitner, dcaratti

Hello:

This patch was applied to iproute2/iproute2-next.git (main)
by David Ahern <dsahern@kernel.org>:

On Sun, 12 Feb 2023 11:41:32 -0500 you wrote:
> This patch is to add the setup and dump for helper in tc ct action
> in userspace, and the support in kernel was added in:
> 
>   https://lore.kernel.org/netdev/cover.1667766782.git.lucien.xin@gmail.com/
> 
> here is an example for usage:
> 
> [...]

Here is the summary with links:
  - [PATCHv2,iproute2-next] tc: m_ct: add support for helper
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=4cdce041c3f0

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


