From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC777C282C8 for ; Mon, 28 Jan 2019 12:55:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7E5A621738 for ; Mon, 28 Jan 2019 12:55:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726713AbfA1MzO (ORCPT ); Mon, 28 Jan 2019 07:55:14 -0500 Received: from mx1.redhat.com ([209.132.183.28]:39896 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726611AbfA1MzO (ORCPT ); Mon, 28 Jan 2019 07:55:14 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 02A4AA0902; Mon, 28 Jan 2019 12:55:13 +0000 (UTC) Received: from localhost.localdomain (ovpn-116-20.gru2.redhat.com [10.97.116.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BFD9127C4C; Mon, 28 Jan 2019 12:55:08 +0000 (UTC) Received: by localhost.localdomain (Postfix, from userid 1000) id 8ABA4180CE3; Mon, 28 Jan 2019 10:55:06 -0200 (-02) Date: Mon, 28 Jan 2019 10:55:06 -0200 From: Marcelo Ricardo Leitner To: Simon Horman Cc: Guy Shattah , Aaron Conole , John Hurley , Justin Pettit , Gregory Rose , Eelco Chaudron , Flavio Leitner , Florian Westphal , Jiri Pirko , Rashid Khan , Sushil Kulkarni , Andy Gospodarek , Roi Dayan , Yossi Kuperman , Or Gerlitz , Rony Efraim , "davem@davemloft.net" , netdev@vger.kernel.org Subject: Re: [RFC PATCH 2/6] net/sched: flower: add support for matching on ConnTrack Message-ID: <20190128125506.GK10660@localhost.localdomain> References: <6c976cc538f1f565b74bd2c750639af91a93adc1.1548285996.git.mleitner@redhat.com> <20190125133711.f3caew4d7osr5czg@netronome.com> <20190126155201.GI10660@localhost.localdomain> <20190128094421.t7bc3ovnzpfavgsz@netronome.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190128094421.t7bc3ovnzpfavgsz@netronome.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 28 Jan 2019 12:55:13 +0000 (UTC) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Mon, Jan 28, 2019 at 10:44:23AM +0100, Simon Horman wrote: > On Sat, Jan 26, 2019 at 01:52:01PM -0200, Marcelo Ricardo Leitner wrote: > > On Fri, Jan 25, 2019 at 02:37:13PM +0100, Simon Horman wrote: > > > Hi Marcelo, > > > > > > On Fri, Jan 25, 2019 at 12:32:31AM -0200, Marcelo Ricardo Leitner wrote: > > > > Hook on flow dissector's new interface on ConnTrack from previous patch. > > > > > > > > Signed-off-by: Marcelo Ricardo Leitner > > > > --- > > > > include/uapi/linux/pkt_cls.h | 9 +++++++++ > > > > net/sched/cls_flower.c | 33 +++++++++++++++++++++++++++++++++ > > > > 2 files changed, 42 insertions(+) > > > > > > > > diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h > > > > index 95d0db2a8350dffb1dd20816591f3b179913fb2e..ba1f3bc01b2fdfd810e37a2b3853a1da1f838acf 100644 > > > > --- a/include/uapi/linux/pkt_cls.h > > > > +++ b/include/uapi/linux/pkt_cls.h > > > > @@ -490,6 +490,15 @@ enum { > > > > TCA_FLOWER_KEY_PORT_DST_MIN, /* be16 */ > > > > TCA_FLOWER_KEY_PORT_DST_MAX, /* be16 */ > > > > > > > > + TCA_FLOWER_KEY_CT_ZONE, /* u16 */ > > > > + TCA_FLOWER_KEY_CT_ZONE_MASK, /* u16 */ > > > > + TCA_FLOWER_KEY_CT_STATE, /* u8 */ > > > > + TCA_FLOWER_KEY_CT_STATE_MASK, /* u8 */ > > > > > > With the corresponding flow dissector patch this API is > > > exposing the contents of an instance of enum ip_conntrack_info > > > as an ABI for conntrack state. > > > > > > I believe (after getting similar review for my geneve options macthing > > > patches for flower) that this exposes implementation details as an ABI > > > to a degree that is not desirable. > > > > > > My suggested would be to define, say in the form of named bits, > > > an ABI, that describes the state information that is exposed. > > > These bits may not correspond directly to the implementation of > > > ip_conntrack_info. > > > > > > I think there should also be some consideration of if a mask makes > > > sense for the state as, f.e. in the implementation of enum > > > ip_conntrack_info not all bit combinations are valid. > > > > Right. ct_state must be handled differently. For conntrack it is a > > linear enum and as we want to be able to OR match, we will have to > > convert the states in a bitfield as you were saying or so. > > > > I don't think the representation above wouldn't change, though: we have > > 8 bits wrapped under a u8. What would change is how we deal with it. > > > > If iproute tc is able to parse the cmdline and set a corresponding bit > > for each state, the flower-side of flow dissector here should be > > mostly fine (need to consider the invalid bits as you mentioned, as > > part of sanity checking). > > Then just need to change on how flow dissector is reading ct_state > > from the packet. > > I'm not entirely opposed to a KABI which defines bits of > TCA_FLOWER_KEY_CT_STATE in such a way that they match exactly > the current implementation of enum ip_conntrack_info (though I do suspect > that a better representation is possible, for some value of better). Ok. Will check. > > But, on the other hand, I am not comfortable in simply sating that > TCA_FLOWER_KEY_CT_STATE is the same as enum ip_conntrack_info, because > that exposes an internal implementation detail which may change. "internal" here is relative because enum ip_conntrack_info is on UAPI already, at include/uapi/linux/netfilter/nf_conntrack_common.h. Anyhow, agree that a new listing may make more sense. The duplicity in enum ip_conntrack_info might hide some surpises for us too: enum ip_conntrack_info { IP_CT_ESTABLISHED, = 0 IP_CT_RELATED, = 1 IP_CT_NEW, = 2 IP_CT_IS_REPLY, = 3 <-- IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, 0 + 3 = 3 <-- IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, 1 + 3 = 4 > > > Is your comment only related to ct_state or other fields too? I'm > > thinking only ct_state. > > Sorry that I wasn't clear, I was only referring to ct_state. No need to be :-) Thanks, Marcelo > > > > > + TCA_FLOWER_KEY_CT_MARK, /* u32 */ > > > > + TCA_FLOWER_KEY_CT_MARK_MASK, /* u32 */ > > > > + TCA_FLOWER_KEY_CT_LABEL, /* 128 bits */ > > > > + TCA_FLOWER_KEY_CT_LABEL_MASK, /* 128 bits */ > > > > + > > > > __TCA_FLOWER_MAX, > > > > }; > > > > > > ... > > > >