* [patch iproute2] tc: flower: add support for tcp flags
2017-05-23 14:31 [patch net-next " Jiri Pirko
@ 2017-05-23 14:33 ` Jiri Pirko
0 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 14:33 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Allow user to insert a flower classifier filter rule which includes
match for tcp flags.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
---
include/linux/pkt_cls.h | 3 +++
man/man8/tc-flower.8 | 8 +++++++
tc/f_flower.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 74 insertions(+)
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index d613be3..ce9dfb9 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -450,6 +450,9 @@ enum {
TCA_FLOWER_KEY_MPLS_TC, /* u8 - 3 bits */
TCA_FLOWER_KEY_MPLS_LABEL, /* be32 - 20 bits */
+ TCA_FLOWER_KEY_TCP_FLAGS, /* be16 */
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK, /* be16 */
+
__TCA_FLOWER_MAX,
};
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index ba29065..7648079 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -35,6 +35,8 @@ flower \- flow based traffic control filter
.IR PREFIX " | { "
.BR dst_port " | " src_port " } "
.IR port_number " } | "
+.B tcp_flags
+.IR MASKED_TCP_FLAGS " | "
.B type
.IR MASKED_TYPE " | "
.B code
@@ -136,6 +138,12 @@ Match on layer 4 protocol source or destination port number. Only available for
.BR ip_proto " values " udp ", " tcp " and " sctp
which have to be specified in beforehand.
.TP
+.BI tcp_flags " MASKED_TCP_FLAGS"
+Match on TCP flags represented as 12bit bitfield in in hexadecimal format.
+A mask may be optionally provided to limit the bits which are matched. A mask
+is provided by following the value with a slash and then the mask. If the mask
+is missing then a match on all bits is assumed.
+.TP
.BI type " MASKED_TYPE"
.TQ
.BI code " MASKED_CODE"
diff --git a/tc/f_flower.c b/tc/f_flower.c
index ebc63ca..c74a681 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -57,6 +57,7 @@ static void explain(void)
" src_ip PREFIX |\n"
" dst_port PORT-NUMBER |\n"
" src_port PORT-NUMBER |\n"
+ " tcp_flags MASKED-TCP_FLAGS |\n"
" type MASKED-ICMP-TYPE |\n"
" code MASKED-ICMP-CODE |\n"
" arp_tip IPV4-PREFIX |\n"
@@ -474,6 +475,42 @@ static int flower_parse_port(char *str, __u8 ip_proto,
return 0;
}
+#define TCP_FLAGS_MAX_MASK 0xfff
+
+static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u16 flags;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u16(&flags, str, 16);
+ printf("ret %d flags %x %x\n", ret, flags, flags & ~TCP_FLAGS_MAX_MASK);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+
+ addattr16(n, MAX_MSG, flags_type, htons(flags));
+
+ if (slash) {
+ ret = get_u16(&flags, str, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+ } else {
+ flags = TCP_FLAGS_MAX_MASK;
+ }
+ addattr16(n, MAX_MSG, mask_type, htons(flags));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
{
int ret;
@@ -671,6 +708,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
fprintf(stderr, "Illegal \"src_port\"\n");
return -1;
}
+ } else if (matches(*argv, "tcp_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_tcp_flags(*argv,
+ TCA_FLOWER_KEY_TCP_FLAGS,
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"tcp_flags\"\n");
+ return -1;
+ }
} else if (matches(*argv, "type") == 0) {
NEXT_ARG();
ret = flower_parse_icmp(*argv, eth_type, ip_proto,
@@ -1000,6 +1047,19 @@ static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
fprintf(f, "\n %s %d", name, rta_getattr_be16(attr));
}
+static void flower_print_tcp_flags(FILE *f, char *name,
+ struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+{
+ if (!flags_attr)
+ return;
+ fprintf(f, "\n %s %x", name, rta_getattr_be16(flags_attr));
+ if (!mask_attr)
+ return;
+ fprintf(f, "/%x", rta_getattr_be16(mask_attr));
+}
+
+
static void flower_print_key_id(FILE *f, const char *name,
struct rtattr *attr)
{
@@ -1110,6 +1170,9 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
if (nl_type >= 0)
flower_print_port(f, "src_port", tb[nl_type]);
+ flower_print_tcp_flags(f, "tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
+ tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
+
nl_type = flower_icmp_attr_type(eth_type, ip_proto,
FLOWER_ICMP_FIELD_TYPE);
nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch net-next v2 0/5] add tcp flags match support to flower and offload it
@ 2017-05-23 16:40 Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 1/5] net: flow_dissector: add support for dissection of tcp flags Jiri Pirko
` (6 more replies)
0 siblings, 7 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
This patch adds support to dissect tcp flags, match on them using
flower classifier and offload such rules to mlxsw Spectrum devices.
---
v1->v2:
- removed no longer relevant comment from patch 1 as suggested by Or
- sent correct patches this time
Jiri Pirko (5):
net: flow_dissector: add support for dissection of tcp flags
net/sched: flower: add support for matching on tcp flags
mlxsw: acl: Add tcp flags acl element
mlxsw: spectrum: Add acl block containing tcp flags for ipv4
mlxsw: spectrum_flower: Add support for tcp flags
.../ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 2 ++
.../mellanox/mlxsw/spectrum_acl_flex_keys.h | 6 +++++
.../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 1 +
.../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 30 ++++++++++++++++++++++
include/net/flow_dissector.h | 9 +++++++
include/uapi/linux/pkt_cls.h | 3 +++
net/core/flow_dissector.c | 29 +++++++++++++++++++++
net/sched/cls_flower.c | 13 +++++++++-
8 files changed, 92 insertions(+), 1 deletion(-)
--
2.9.3
^ permalink raw reply [flat|nested] 10+ messages in thread
* [patch net-next v2 1/5] net: flow_dissector: add support for dissection of tcp flags
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
@ 2017-05-23 16:40 ` Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 2/5] net/sched: flower: add support for matching on " Jiri Pirko
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Add support for dissection of tcp flags. Uses similar function call to
tcp dissection function as arp, mpls and others.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: Or Gerlitz <ogerlitz@mellanox.com>
---
include/net/flow_dissector.h | 9 +++++++++
net/core/flow_dissector.c | 29 +++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 8d21d44..efe34eec 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -157,6 +157,14 @@ struct flow_dissector_key_eth_addrs {
unsigned char src[ETH_ALEN];
};
+/**
+ * struct flow_dissector_key_tcp:
+ * @flags: flags
+ */
+struct flow_dissector_key_tcp {
+ __be16 flags;
+};
+
enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -177,6 +185,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
+ FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
FLOW_DISSECTOR_KEY_MAX,
};
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 28d94bc..5a45943 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -18,6 +18,7 @@
#include <linux/stddef.h>
#include <linux/if_ether.h>
#include <linux/mpls.h>
+#include <linux/tcp.h>
#include <net/flow_dissector.h>
#include <scsi/fc/fc_fcoe.h>
@@ -342,6 +343,30 @@ __skb_flow_dissect_gre(const struct sk_buff *skb,
return FLOW_DISSECT_RET_OUT_PROTO_AGAIN;
}
+static void
+__skb_flow_dissect_tcp(const struct sk_buff *skb,
+ struct flow_dissector *flow_dissector,
+ void *target_container, void *data, int thoff, int hlen)
+{
+ struct flow_dissector_key_tcp *key_tcp;
+ struct tcphdr *th, _th;
+
+ if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_TCP))
+ return;
+
+ th = __skb_header_pointer(skb, thoff, sizeof(_th), data, hlen, &_th);
+ if (!th)
+ return;
+
+ if (unlikely(__tcp_hdrlen(th) < sizeof(_th)))
+ return;
+
+ key_tcp = skb_flow_dissector_target(flow_dissector,
+ FLOW_DISSECTOR_KEY_TCP,
+ target_container);
+ key_tcp->flags = (*(__be16 *) &tcp_flag_word(th) & htons(0x0FFF));
+}
+
/**
* __skb_flow_dissect - extract the flow_keys struct and return it
* @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
@@ -683,6 +708,10 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
case IPPROTO_MPLS:
proto = htons(ETH_P_MPLS_UC);
goto mpls;
+ case IPPROTO_TCP:
+ __skb_flow_dissect_tcp(skb, flow_dissector, target_container,
+ data, nhoff, hlen);
+ break;
default:
break;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch net-next v2 2/5] net/sched: flower: add support for matching on tcp flags
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 1/5] net: flow_dissector: add support for dissection of tcp flags Jiri Pirko
@ 2017-05-23 16:40 ` Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 3/5] mlxsw: acl: Add tcp flags acl element Jiri Pirko
` (4 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Benefit from the support of tcp flags dissection and allow user to
insert rules matching on tcp flags.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
---
include/uapi/linux/pkt_cls.h | 3 +++
net/sched/cls_flower.c | 13 ++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index 1b9aa9e..c6e8cf5 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -451,6 +451,9 @@ enum {
TCA_FLOWER_KEY_MPLS_TC, /* u8 - 3 bits */
TCA_FLOWER_KEY_MPLS_LABEL, /* be32 - 20 bits */
+ TCA_FLOWER_KEY_TCP_FLAGS, /* be16 */
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK, /* be16 */
+
__TCA_FLOWER_MAX,
};
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index ca526c0..fb74a47 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -49,6 +49,7 @@ struct fl_flow_key {
};
struct flow_dissector_key_ports enc_tp;
struct flow_dissector_key_mpls mpls;
+ struct flow_dissector_key_tcp tcp;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
struct fl_flow_mask_range {
@@ -424,6 +425,8 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
[TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
[TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
[TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
+ [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
+ [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
};
static void fl_set_key_val(struct nlattr **tb,
@@ -596,6 +599,9 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
&mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
sizeof(key->tp.dst));
+ fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
+ &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ sizeof(key->tcp.flags));
} else if (key->basic.ip_proto == IPPROTO_UDP) {
fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
&mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
@@ -767,6 +773,8 @@ static void fl_init_dissector(struct cls_fl_head *head,
FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
FLOW_DISSECTOR_KEY_PORTS, tp);
FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
+ FLOW_DISSECTOR_KEY_TCP, tcp);
+ FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
FLOW_DISSECTOR_KEY_ICMP, icmp);
FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
FLOW_DISSECTOR_KEY_ARP, arp);
@@ -1215,7 +1223,10 @@ static int fl_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
sizeof(key->tp.src)) ||
fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
&mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
- sizeof(key->tp.dst))))
+ sizeof(key->tp.dst)) ||
+ fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
+ &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ sizeof(key->tcp.flags))))
goto nla_put_failure;
else if (key->basic.ip_proto == IPPROTO_UDP &&
(fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch net-next v2 3/5] mlxsw: acl: Add tcp flags acl element
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 1/5] net: flow_dissector: add support for dissection of tcp flags Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 2/5] net/sched: flower: add support for matching on " Jiri Pirko
@ 2017-05-23 16:40 ` Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 4/5] mlxsw: spectrum: Add acl block containing tcp flags for ipv4 Jiri Pirko
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Define new element for tcp flags and place it into scratch area.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
---
drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 2 ++
drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h
index c75e914..9807ef8 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h
+++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.h
@@ -56,6 +56,7 @@ enum mlxsw_afk_element {
MLXSW_AFK_ELEMENT_SRC_L4_PORT,
MLXSW_AFK_ELEMENT_VID,
MLXSW_AFK_ELEMENT_PCP,
+ MLXSW_AFK_ELEMENT_TCP_FLAGS,
MLXSW_AFK_ELEMENT_MAX,
};
@@ -102,6 +103,7 @@ static const struct mlxsw_afk_element_info mlxsw_afk_element_infos[] = {
MLXSW_AFK_ELEMENT_INFO_U32(IP_PROTO, 0x10, 0, 8),
MLXSW_AFK_ELEMENT_INFO_U32(VID, 0x10, 8, 12),
MLXSW_AFK_ELEMENT_INFO_U32(PCP, 0x10, 20, 3),
+ MLXSW_AFK_ELEMENT_INFO_U32(TCP_FLAGS, 0x10, 23, 9),
MLXSW_AFK_ELEMENT_INFO_U32(SRC_IP4, 0x18, 0, 32),
MLXSW_AFK_ELEMENT_INFO_U32(DST_IP4, 0x1C, 0, 32),
MLXSW_AFK_ELEMENT_INFO_BUF(SRC_IP6_HI, 0x18, 8),
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
index cc99de0..f7a8c3c 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
@@ -198,6 +198,7 @@ static int mlxsw_sp_flower_parse(struct mlxsw_sp *mlxsw_sp,
BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
BIT(FLOW_DISSECTOR_KEY_PORTS) |
+ BIT(FLOW_DISSECTOR_KEY_TCP) |
BIT(FLOW_DISSECTOR_KEY_VLAN))) {
dev_err(mlxsw_sp->bus_info->dev, "Unsupported key\n");
return -EOPNOTSUPP;
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch net-next v2 4/5] mlxsw: spectrum: Add acl block containing tcp flags for ipv4
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
` (2 preceding siblings ...)
2017-05-23 16:40 ` [patch net-next v2 3/5] mlxsw: acl: Add tcp flags acl element Jiri Pirko
@ 2017-05-23 16:40 ` Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 5/5] mlxsw: spectrum_flower: Add support for tcp flags Jiri Pirko
` (2 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Add acl block called "ipv4" which contains tcp flags.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_keys.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_keys.h b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_keys.h
index af7b7ba..85d5001 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_keys.h
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_flex_keys.h
@@ -68,6 +68,11 @@ static struct mlxsw_afk_element_inst mlxsw_sp_afk_element_info_ipv4_dip[] = {
MLXSW_AFK_ELEMENT_INST_U32(SRC_SYS_PORT, 0x0C, 0, 16),
};
+static struct mlxsw_afk_element_inst mlxsw_sp_afk_element_info_ipv4[] = {
+ MLXSW_AFK_ELEMENT_INST_U32(SRC_IP4, 0x00, 0, 32),
+ MLXSW_AFK_ELEMENT_INST_U32(TCP_FLAGS, 0x08, 8, 9), /* TCP_CONTROL+TCP_ECN */
+};
+
static struct mlxsw_afk_element_inst mlxsw_sp_afk_element_info_ipv4_ex[] = {
MLXSW_AFK_ELEMENT_INST_U32(VID, 0x00, 0, 12),
MLXSW_AFK_ELEMENT_INST_U32(PCP, 0x08, 29, 3),
@@ -102,6 +107,7 @@ static const struct mlxsw_afk_block mlxsw_sp_afk_blocks[] = {
MLXSW_AFK_BLOCK(0x12, mlxsw_sp_afk_element_info_l2_smac_ex),
MLXSW_AFK_BLOCK(0x30, mlxsw_sp_afk_element_info_ipv4_sip),
MLXSW_AFK_BLOCK(0x31, mlxsw_sp_afk_element_info_ipv4_dip),
+ MLXSW_AFK_BLOCK(0x32, mlxsw_sp_afk_element_info_ipv4),
MLXSW_AFK_BLOCK(0x33, mlxsw_sp_afk_element_info_ipv4_ex),
MLXSW_AFK_BLOCK(0x60, mlxsw_sp_afk_element_info_ipv6_dip),
MLXSW_AFK_BLOCK(0x65, mlxsw_sp_afk_element_info_ipv6_ex1),
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch net-next v2 5/5] mlxsw: spectrum_flower: Add support for tcp flags
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
` (3 preceding siblings ...)
2017-05-23 16:40 ` [patch net-next v2 4/5] mlxsw: spectrum: Add acl block containing tcp flags for ipv4 Jiri Pirko
@ 2017-05-23 16:40 ` Jiri Pirko
2017-05-23 21:51 ` [patch iproute2] tc: flower: add " Jiri Pirko
2017-05-24 20:24 ` [patch net-next v2 0/5] add tcp flags match support to flower and offload it David Miller
6 siblings, 0 replies; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 16:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@mellanox.com>
Allow to offload rules that contain tcp flags within the mask.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
---
.../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 1 +
.../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 29 ++++++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
index 3a24289..61a10f1 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
@@ -983,6 +983,7 @@ static const enum mlxsw_afk_element mlxsw_sp_acl_tcam_pattern_ipv4[] = {
MLXSW_AFK_ELEMENT_SRC_L4_PORT,
MLXSW_AFK_ELEMENT_VID,
MLXSW_AFK_ELEMENT_PCP,
+ MLXSW_AFK_ELEMENT_TCP_FLAGS,
};
static const enum mlxsw_afk_element mlxsw_sp_acl_tcam_pattern_ipv6[] = {
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
index f7a8c3c..ed75c6a 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
@@ -182,6 +182,32 @@ static int mlxsw_sp_flower_parse_ports(struct mlxsw_sp *mlxsw_sp,
return 0;
}
+static int mlxsw_sp_flower_parse_tcp(struct mlxsw_sp *mlxsw_sp,
+ struct mlxsw_sp_acl_rule_info *rulei,
+ struct tc_cls_flower_offload *f,
+ u8 ip_proto)
+{
+ struct flow_dissector_key_tcp *key, *mask;
+
+ if (!dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_TCP))
+ return 0;
+
+ if (ip_proto != IPPROTO_TCP) {
+ dev_err(mlxsw_sp->bus_info->dev, "TCP keys supported only for TCP\n");
+ return -EINVAL;
+ }
+
+ key = skb_flow_dissector_target(f->dissector,
+ FLOW_DISSECTOR_KEY_TCP,
+ f->key);
+ mask = skb_flow_dissector_target(f->dissector,
+ FLOW_DISSECTOR_KEY_TCP,
+ f->mask);
+ mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_TCP_FLAGS,
+ ntohs(key->flags), ntohs(mask->flags));
+ return 0;
+}
+
static int mlxsw_sp_flower_parse(struct mlxsw_sp *mlxsw_sp,
struct net_device *dev,
struct mlxsw_sp_acl_rule_info *rulei,
@@ -290,6 +316,9 @@ static int mlxsw_sp_flower_parse(struct mlxsw_sp *mlxsw_sp,
err = mlxsw_sp_flower_parse_ports(mlxsw_sp, rulei, f, ip_proto);
if (err)
return err;
+ err = mlxsw_sp_flower_parse_tcp(mlxsw_sp, rulei, f, ip_proto);
+ if (err)
+ return err;
return mlxsw_sp_flower_parse_actions(mlxsw_sp, dev, rulei, f->exts);
}
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [patch iproute2] tc: flower: add support for tcp flags
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
` (4 preceding siblings ...)
2017-05-23 16:40 ` [patch net-next v2 5/5] mlxsw: spectrum_flower: Add support for tcp flags Jiri Pirko
@ 2017-05-23 21:51 ` Jiri Pirko
2017-05-31 0:43 ` Stephen Hemminger
2017-05-24 20:24 ` [patch net-next v2 0/5] add tcp flags match support to flower and offload it David Miller
6 siblings, 1 reply; 10+ messages in thread
From: Jiri Pirko @ 2017-05-23 21:51 UTC (permalink / raw)
To: netdev; +Cc: davem, idosch, yotamg, mlxsw, Yuval.Mintz
From: Jiri Pirko <jiri@mellanox.com>
Allow user to insert a flower classifier filter rule which includes
match for tcp flags.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
---
v1->v2:
- removed forgotten debug printout
- fixed mask parsing as reported by Or
---
include/linux/pkt_cls.h | 3 +++
man/man8/tc-flower.8 | 8 +++++++
tc/f_flower.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 73 insertions(+)
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index d613be3..ce9dfb9 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -450,6 +450,9 @@ enum {
TCA_FLOWER_KEY_MPLS_TC, /* u8 - 3 bits */
TCA_FLOWER_KEY_MPLS_LABEL, /* be32 - 20 bits */
+ TCA_FLOWER_KEY_TCP_FLAGS, /* be16 */
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK, /* be16 */
+
__TCA_FLOWER_MAX,
};
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index ba29065..7648079 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -35,6 +35,8 @@ flower \- flow based traffic control filter
.IR PREFIX " | { "
.BR dst_port " | " src_port " } "
.IR port_number " } | "
+.B tcp_flags
+.IR MASKED_TCP_FLAGS " | "
.B type
.IR MASKED_TYPE " | "
.B code
@@ -136,6 +138,12 @@ Match on layer 4 protocol source or destination port number. Only available for
.BR ip_proto " values " udp ", " tcp " and " sctp
which have to be specified in beforehand.
.TP
+.BI tcp_flags " MASKED_TCP_FLAGS"
+Match on TCP flags represented as 12bit bitfield in in hexadecimal format.
+A mask may be optionally provided to limit the bits which are matched. A mask
+is provided by following the value with a slash and then the mask. If the mask
+is missing then a match on all bits is assumed.
+.TP
.BI type " MASKED_TYPE"
.TQ
.BI code " MASKED_CODE"
diff --git a/tc/f_flower.c b/tc/f_flower.c
index ebc63ca..1b6b46e 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -57,6 +57,7 @@ static void explain(void)
" src_ip PREFIX |\n"
" dst_port PORT-NUMBER |\n"
" src_port PORT-NUMBER |\n"
+ " tcp_flags MASKED-TCP_FLAGS |\n"
" type MASKED-ICMP-TYPE |\n"
" code MASKED-ICMP-CODE |\n"
" arp_tip IPV4-PREFIX |\n"
@@ -474,6 +475,41 @@ static int flower_parse_port(char *str, __u8 ip_proto,
return 0;
}
+#define TCP_FLAGS_MAX_MASK 0xfff
+
+static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u16 flags;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u16(&flags, str, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+
+ addattr16(n, MAX_MSG, flags_type, htons(flags));
+
+ if (slash) {
+ ret = get_u16(&flags, slash + 1, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+ } else {
+ flags = TCP_FLAGS_MAX_MASK;
+ }
+ addattr16(n, MAX_MSG, mask_type, htons(flags));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
{
int ret;
@@ -671,6 +707,16 @@ static int flower_parse_opt(struct filter_util *qu, char *handle,
fprintf(stderr, "Illegal \"src_port\"\n");
return -1;
}
+ } else if (matches(*argv, "tcp_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_tcp_flags(*argv,
+ TCA_FLOWER_KEY_TCP_FLAGS,
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"tcp_flags\"\n");
+ return -1;
+ }
} else if (matches(*argv, "type") == 0) {
NEXT_ARG();
ret = flower_parse_icmp(*argv, eth_type, ip_proto,
@@ -1000,6 +1046,19 @@ static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
fprintf(f, "\n %s %d", name, rta_getattr_be16(attr));
}
+static void flower_print_tcp_flags(FILE *f, char *name,
+ struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+{
+ if (!flags_attr)
+ return;
+ fprintf(f, "\n %s %x", name, rta_getattr_be16(flags_attr));
+ if (!mask_attr)
+ return;
+ fprintf(f, "/%x", rta_getattr_be16(mask_attr));
+}
+
+
static void flower_print_key_id(FILE *f, const char *name,
struct rtattr *attr)
{
@@ -1110,6 +1169,9 @@ static int flower_print_opt(struct filter_util *qu, FILE *f,
if (nl_type >= 0)
flower_print_port(f, "src_port", tb[nl_type]);
+ flower_print_tcp_flags(f, "tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
+ tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
+
nl_type = flower_icmp_attr_type(eth_type, ip_proto,
FLOWER_ICMP_FIELD_TYPE);
nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
--
2.9.3
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [patch net-next v2 0/5] add tcp flags match support to flower and offload it
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
` (5 preceding siblings ...)
2017-05-23 21:51 ` [patch iproute2] tc: flower: add " Jiri Pirko
@ 2017-05-24 20:24 ` David Miller
6 siblings, 0 replies; 10+ messages in thread
From: David Miller @ 2017-05-24 20:24 UTC (permalink / raw)
To: jiri; +Cc: netdev, jhs, xiyou.wangcong, simon.horman, mlxsw, idosch
From: Jiri Pirko <jiri@resnulli.us>
Date: Tue, 23 May 2017 18:40:43 +0200
> From: Jiri Pirko <jiri@mellanox.com>
>
> This patch adds support to dissect tcp flags, match on them using
> flower classifier and offload such rules to mlxsw Spectrum devices.
>
> ---
> v1->v2:
> - removed no longer relevant comment from patch 1 as suggested by Or
> - sent correct patches this time
Series applied, thanks.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [patch iproute2] tc: flower: add support for tcp flags
2017-05-23 21:51 ` [patch iproute2] tc: flower: add " Jiri Pirko
@ 2017-05-31 0:43 ` Stephen Hemminger
0 siblings, 0 replies; 10+ messages in thread
From: Stephen Hemminger @ 2017-05-31 0:43 UTC (permalink / raw)
To: Jiri Pirko; +Cc: netdev, davem, idosch, yotamg, mlxsw, Yuval.Mintz
On Tue, 23 May 2017 23:51:39 +0200
Jiri Pirko <jiri@resnulli.us> wrote:
> From: Jiri Pirko <jiri@mellanox.com>
>
> Allow user to insert a flower classifier filter rule which includes
> match for tcp flags.
>
> Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Applied to net-next
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-05-31 0:43 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-23 16:40 [patch net-next v2 0/5] add tcp flags match support to flower and offload it Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 1/5] net: flow_dissector: add support for dissection of tcp flags Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 2/5] net/sched: flower: add support for matching on " Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 3/5] mlxsw: acl: Add tcp flags acl element Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 4/5] mlxsw: spectrum: Add acl block containing tcp flags for ipv4 Jiri Pirko
2017-05-23 16:40 ` [patch net-next v2 5/5] mlxsw: spectrum_flower: Add support for tcp flags Jiri Pirko
2017-05-23 21:51 ` [patch iproute2] tc: flower: add " Jiri Pirko
2017-05-31 0:43 ` Stephen Hemminger
2017-05-24 20:24 ` [patch net-next v2 0/5] add tcp flags match support to flower and offload it David Miller
-- strict thread matches above, loose matches on Subject: below --
2017-05-23 14:31 [patch net-next " Jiri Pirko
2017-05-23 14:33 ` [patch iproute2] tc: flower: add support for tcp flags Jiri Pirko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).