netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage
@ 2024-07-03 10:45 Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 1/9] net/sched: flower: define new tunnel flags Asbjørn Sloth Tønnesen
                   ` (9 more replies)
  0 siblings, 10 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

This series reworks the recently added TCA_FLOWER_KEY_ENC_FLAGS
attribute, to be more like TCA_FLOWER_KEY_FLAGS, and use the unused
u32 flags field in FLOW_DISSECTOR_KEY_ENC_CONTROL, instead of adding
a new flags field as FLOW_DISSECTOR_KEY_ENC_FLAGS.

I have defined the new FLOW_DIS_F_* and TCA_FLOWER_KEY_FLAGS_*
flags to co-exist with the existing flags, so the meaning
of the flags field in struct flow_dissector_key_control is not
depending on the context it is used in. If we run out of bits
then we can always split them up later, if we really want to.
Future flags might also be valid in both contexts.

iproute2 RFC patch:
https://lore.kernel.org/897379f1850a50d8c320ca3facd06c5f03943bac.1719506876.git.dcaratti@redhat.com/

---
Changelog:

v1:
- Change netlink attribute type from NLA_U32 to NLA_BE32.
- Ensure that the FLOW_DISSECTOR_KEY_ENC_CONTROL
  is also masked for non-IP.
- Fix preexisting typo in kdoc for struct flow_dissector_key_control
  (all suggested by Davide)

RFC: https://lore.kernel.org/20240611235355.177667-1-ast@fiberby.net/

Asbjørn Sloth Tønnesen (9):
  net/sched: flower: define new tunnel flags
  net/sched: cls_flower: prepare fl_{set,dump}_key_flags() for ENC_FLAGS
  net/sched: cls_flower: add policy for TCA_FLOWER_KEY_FLAGS
  flow_dissector: prepare for encapsulated control flags
  flow_dissector: set encapsulated control flags from tun_flags
  net/sched: cls_flower: add tunnel flags to fl_{set,dump}_key_flags()
  net/sched: cls_flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage
  flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS
  flow_dissector: set encapsulation control flags for non-IP

 include/net/flow_dissector.h |  26 +++----
 include/net/ip_tunnels.h     |  12 ---
 include/uapi/linux/pkt_cls.h |   9 ++-
 net/core/flow_dissector.c    |  50 ++++++------
 net/sched/cls_flower.c       | 142 ++++++++++++++++++++---------------
 5 files changed, 129 insertions(+), 110 deletions(-)

-- 
2.45.2


^ permalink raw reply	[flat|nested] 15+ messages in thread
* [PATCH net-next 1/9] net/sched: flower: define new tunnel flags
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:59   ` Alexander Lobakin
  2024-07-03 10:45 ` [PATCH net-next 2/9] net/sched: cls_flower: prepare fl_{set,dump}_key_flags() for ENC_FLAGS Asbjørn Sloth Tønnesen
                   ` (8 subsequent siblings)
  9 siblings, 1 reply; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Define new TCA_FLOWER_KEY_FLAGS_* flags for use in struct
flow_dissector_key_control, covering the same flags
as currently exposed through TCA_FLOWER_KEY_ENC_FLAGS,
but assign them new bit positions in so that they don't
conflict with existing TCA_FLOWER_KEY_FLAGS_* flags.

Synchronize FLOW_DIS_* flags, but put the new flags
under FLOW_DIS_F_*. The idea is that we can later, move
the existing flags under FLOW_DIS_F_* as well.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 include/net/flow_dissector.h | 17 +++++++++++++----
 include/uapi/linux/pkt_cls.h |  5 +++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 3e47e123934d..f560e2c8d0e7 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -16,7 +16,8 @@ struct sk_buff;
  * struct flow_dissector_key_control:
  * @thoff:     Transport header offset
  * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
- * @flags:     Key flags. Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAGENCAPSULATION)
+ * @flags:     Key flags.
+ *             Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*)
  */
 struct flow_dissector_key_control {
 	u16	thoff;
@@ -24,9 +25,17 @@ struct flow_dissector_key_control {
 	u32	flags;
 };
 
-#define FLOW_DIS_IS_FRAGMENT	BIT(0)
-#define FLOW_DIS_FIRST_FRAG	BIT(1)
-#define FLOW_DIS_ENCAPSULATION	BIT(2)
+/* Please keep these flags in sync with TCA_FLOWER_KEY_FLAGS_*
+ * in include/uapi/linux/pkt_cls.h, as these bit flags are exposed
+ * to userspace in some error paths, ie. unsupported flags.
+ */
+#define FLOW_DIS_IS_FRAGMENT		BIT(0)
+#define FLOW_DIS_FIRST_FRAG		BIT(1)
+#define FLOW_DIS_ENCAPSULATION		BIT(2)
+#define FLOW_DIS_F_TUNNEL_CSUM		BIT(3)
+#define FLOW_DIS_F_TUNNEL_DONT_FRAGMENT	BIT(4)
+#define FLOW_DIS_F_TUNNEL_OAM		BIT(5)
+#define FLOW_DIS_F_TUNNEL_CRIT_OPT	BIT(6)
 
 enum flow_dissect_ret {
 	FLOW_DISSECT_RET_OUT_GOOD,
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index b6d38f5fd7c0..24795aad7651 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -677,6 +677,11 @@ enum {
 enum {
 	TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
 	TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
+	/* FLOW_DIS_ENCAPSULATION (1 << 2) is not exposed to userspace */
+	TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM = (1 << 3),
+	TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT = (1 << 4),
+	TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM = (1 << 5),
+	TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT = (1 << 6),
 };
 
 enum {
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 2/9] net/sched: cls_flower: prepare fl_{set,dump}_key_flags() for ENC_FLAGS
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 1/9] net/sched: flower: define new tunnel flags Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 3/9] net/sched: cls_flower: add policy for TCA_FLOWER_KEY_FLAGS Asbjørn Sloth Tønnesen
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Prepare fl_set_key_flags/fl_dump_key_flags() for use with
TCA_FLOWER_KEY_ENC_FLAGS{,_MASK}.

This patch adds an encap argument, similar to fl_set_key_ip/
fl_dump_key_ip(), and determine the flower keys based on the
encap argument, and use them in the rest of the two functions.

Since these functions are so far, only called with encap set false,
then there is no functional change.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/sched/cls_flower.c | 40 ++++++++++++++++++++++++++++++----------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index eef570c577ac..6a5cecfd9561 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1166,19 +1166,28 @@ static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
 	}
 }
 
-static int fl_set_key_flags(struct nlattr **tb, u32 *flags_key,
+static int fl_set_key_flags(struct nlattr **tb, bool encap, u32 *flags_key,
 			    u32 *flags_mask, struct netlink_ext_ack *extack)
 {
+	int fl_key, fl_mask;
 	u32 key, mask;
 
+	if (encap) {
+		fl_key = TCA_FLOWER_KEY_ENC_FLAGS;
+		fl_mask = TCA_FLOWER_KEY_ENC_FLAGS_MASK;
+	} else {
+		fl_key = TCA_FLOWER_KEY_FLAGS;
+		fl_mask = TCA_FLOWER_KEY_FLAGS_MASK;
+	}
+
 	/* mask is mandatory for flags */
-	if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) {
+	if (NL_REQ_ATTR_CHECK(extack, NULL, tb, fl_mask)) {
 		NL_SET_ERR_MSG(extack, "Missing flags mask");
 		return -EINVAL;
 	}
 
-	key = be32_to_cpu(nla_get_be32(tb[TCA_FLOWER_KEY_FLAGS]));
-	mask = be32_to_cpu(nla_get_be32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
+	key = be32_to_cpu(nla_get_be32(tb[fl_key]));
+	mask = be32_to_cpu(nla_get_be32(tb[fl_mask]));
 
 	*flags_key  = 0;
 	*flags_mask = 0;
@@ -2086,7 +2095,7 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 		return ret;
 
 	if (tb[TCA_FLOWER_KEY_FLAGS]) {
-		ret = fl_set_key_flags(tb, &key->control.flags,
+		ret = fl_set_key_flags(tb, false, &key->control.flags,
 				       &mask->control.flags, extack);
 		if (ret)
 			return ret;
@@ -3084,12 +3093,22 @@ static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
 	}
 }
 
-static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
+static int fl_dump_key_flags(struct sk_buff *skb, bool encap,
+			     u32 flags_key, u32 flags_mask)
 {
-	u32 key, mask;
+	int fl_key, fl_mask;
 	__be32 _key, _mask;
+	u32 key, mask;
 	int err;
 
+	if (encap) {
+		fl_key = TCA_FLOWER_KEY_ENC_FLAGS;
+		fl_mask = TCA_FLOWER_KEY_ENC_FLAGS_MASK;
+	} else {
+		fl_key = TCA_FLOWER_KEY_FLAGS;
+		fl_mask = TCA_FLOWER_KEY_FLAGS_MASK;
+	}
+
 	if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
 		return 0;
 
@@ -3105,11 +3124,11 @@ static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
 	_key = cpu_to_be32(key);
 	_mask = cpu_to_be32(mask);
 
-	err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
+	err = nla_put(skb, fl_key, 4, &_key);
 	if (err)
 		return err;
 
-	return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
+	return nla_put(skb, fl_mask, 4, &_mask);
 }
 
 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
@@ -3632,7 +3651,8 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
 	if (fl_dump_key_ct(skb, &key->ct, &mask->ct))
 		goto nla_put_failure;
 
-	if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
+	if (fl_dump_key_flags(skb, false, key->control.flags,
+			      mask->control.flags))
 		goto nla_put_failure;
 
 	if (fl_dump_key_val(skb, &key->hash.hash, TCA_FLOWER_KEY_HASH,
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 3/9] net/sched: cls_flower: add policy for TCA_FLOWER_KEY_FLAGS
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 1/9] net/sched: flower: define new tunnel flags Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 2/9] net/sched: cls_flower: prepare fl_{set,dump}_key_flags() for ENC_FLAGS Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 4/9] flow_dissector: prepare for encapsulated control flags Asbjørn Sloth Tønnesen
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

This policy guards fl_set_key_flags() from seeing flags
not used in the context of TCA_FLOWER_KEY_FLAGS.

In order For the policy check to be performed with the
correct endianness, then we also needs to change the
attribute type to NLA_BE32 (Thanks Davide).

TCA_FLOWER_KEY_FLAGS{,_MASK} already has a be32 comment
in include/uapi/linux/pkt_cls.h.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/sched/cls_flower.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 6a5cecfd9561..fc9a9a0b4897 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -41,6 +41,10 @@
 #define TCA_FLOWER_KEY_CT_FLAGS_MASK \
 		(TCA_FLOWER_KEY_CT_FLAGS_MAX - 1)
 
+#define TCA_FLOWER_KEY_FLAGS_POLICY_MASK \
+		(TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT | \
+		TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST)
+
 #define TUNNEL_FLAGS_PRESENT (\
 	_BITUL(IP_TUNNEL_CSUM_BIT) |		\
 	_BITUL(IP_TUNNEL_DONT_FRAGMENT_BIT) |	\
@@ -676,8 +680,10 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
 	[TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK]	= { .type = NLA_U16 },
 	[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]	= { .type = NLA_U16 },
 	[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]	= { .type = NLA_U16 },
-	[TCA_FLOWER_KEY_FLAGS]		= { .type = NLA_U32 },
-	[TCA_FLOWER_KEY_FLAGS_MASK]	= { .type = NLA_U32 },
+	[TCA_FLOWER_KEY_FLAGS]		= NLA_POLICY_MASK(NLA_BE32,
+							  TCA_FLOWER_KEY_FLAGS_POLICY_MASK),
+	[TCA_FLOWER_KEY_FLAGS_MASK]	= NLA_POLICY_MASK(NLA_BE32,
+							  TCA_FLOWER_KEY_FLAGS_POLICY_MASK),
 	[TCA_FLOWER_KEY_ICMPV4_TYPE]	= { .type = NLA_U8 },
 	[TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
 	[TCA_FLOWER_KEY_ICMPV4_CODE]	= { .type = NLA_U8 },
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 4/9] flow_dissector: prepare for encapsulated control flags
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (2 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 3/9] net/sched: cls_flower: add policy for TCA_FLOWER_KEY_FLAGS Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 5/9] flow_dissector: set encapsulated control flags from tun_flags Asbjørn Sloth Tønnesen
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Rename skb_flow_dissect_set_enc_addr_type() to
skb_flow_dissect_set_enc_control(), and make it set both
addr_type and flags in FLOW_DISSECTOR_KEY_ENC_CONTROL.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/core/flow_dissector.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index e64a26379807..1614c6708ea7 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -299,9 +299,10 @@ void skb_flow_dissect_meta(const struct sk_buff *skb,
 EXPORT_SYMBOL(skb_flow_dissect_meta);
 
 static void
-skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
-				   struct flow_dissector *flow_dissector,
-				   void *target_container)
+skb_flow_dissect_set_enc_control(enum flow_dissector_key_id type,
+				 u32 ctrl_flags,
+				 struct flow_dissector *flow_dissector,
+				 void *target_container)
 {
 	struct flow_dissector_key_control *ctrl;
 
@@ -312,6 +313,7 @@ skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
 					 FLOW_DISSECTOR_KEY_ENC_CONTROL,
 					 target_container);
 	ctrl->addr_type = type;
+	ctrl->flags = ctrl_flags;
 }
 
 void
@@ -367,6 +369,7 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 {
 	struct ip_tunnel_info *info;
 	struct ip_tunnel_key *key;
+	u32 ctrl_flags = 0;
 
 	/* A quick check to see if there might be something to do. */
 	if (!dissector_uses_key(flow_dissector,
@@ -395,9 +398,9 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 
 	switch (ip_tunnel_info_af(info)) {
 	case AF_INET:
-		skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV4_ADDRS,
-						   flow_dissector,
-						   target_container);
+		skb_flow_dissect_set_enc_control(FLOW_DISSECTOR_KEY_IPV4_ADDRS,
+						 ctrl_flags, flow_dissector,
+						 target_container);
 		if (dissector_uses_key(flow_dissector,
 				       FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) {
 			struct flow_dissector_key_ipv4_addrs *ipv4;
@@ -410,9 +413,9 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 		}
 		break;
 	case AF_INET6:
-		skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV6_ADDRS,
-						   flow_dissector,
-						   target_container);
+		skb_flow_dissect_set_enc_control(FLOW_DISSECTOR_KEY_IPV6_ADDRS,
+						 ctrl_flags, flow_dissector,
+						 target_container);
 		if (dissector_uses_key(flow_dissector,
 				       FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) {
 			struct flow_dissector_key_ipv6_addrs *ipv6;
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 5/9] flow_dissector: set encapsulated control flags from tun_flags
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (3 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 4/9] flow_dissector: prepare for encapsulated control flags Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 6/9] net/sched: cls_flower: add tunnel flags to fl_{set,dump}_key_flags() Asbjørn Sloth Tønnesen
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Set the new FLOW_DIS_F_TUNNEL_* encapsulated control flags, based
on if their counter-part is set in tun_flags.

These flags are not userspace visible yet, as the code to dump
encapsulated control flags will first be added, and later activated
in the following patches.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/core/flow_dissector.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 1614c6708ea7..a0263a4c5489 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -396,6 +396,15 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 
 	key = &info->key;
 
+	if (test_bit(IP_TUNNEL_CSUM_BIT, key->tun_flags))
+		ctrl_flags |= FLOW_DIS_F_TUNNEL_CSUM;
+	if (test_bit(IP_TUNNEL_DONT_FRAGMENT_BIT, key->tun_flags))
+		ctrl_flags |= FLOW_DIS_F_TUNNEL_DONT_FRAGMENT;
+	if (test_bit(IP_TUNNEL_OAM_BIT, key->tun_flags))
+		ctrl_flags |= FLOW_DIS_F_TUNNEL_OAM;
+	if (test_bit(IP_TUNNEL_CRIT_OPT_BIT, key->tun_flags))
+		ctrl_flags |= FLOW_DIS_F_TUNNEL_CRIT_OPT;
+
 	switch (ip_tunnel_info_af(info)) {
 	case AF_INET:
 		skb_flow_dissect_set_enc_control(FLOW_DISSECTOR_KEY_IPV4_ADDRS,
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 6/9] net/sched: cls_flower: add tunnel flags to fl_{set,dump}_key_flags()
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (4 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 5/9] flow_dissector: set encapsulated control flags from tun_flags Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 7/9] net/sched: cls_flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Prepare to set and dump the tunnel flags.

This code won't see any of these flags yet, as these flags
aren't allowed by the NLA_POLICY_MASK, and the functions
doesn't get called with encap set to true yet.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/sched/cls_flower.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index fc9a9a0b4897..2a440f11fe1f 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1204,6 +1204,21 @@ static int fl_set_key_flags(struct nlattr **tb, bool encap, u32 *flags_key,
 			TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
 			FLOW_DIS_FIRST_FRAG);
 
+	fl_set_key_flag(key, mask, flags_key, flags_mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
+			FLOW_DIS_F_TUNNEL_CSUM);
+
+	fl_set_key_flag(key, mask, flags_key, flags_mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
+			FLOW_DIS_F_TUNNEL_DONT_FRAGMENT);
+
+	fl_set_key_flag(key, mask, flags_key, flags_mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM, FLOW_DIS_F_TUNNEL_OAM);
+
+	fl_set_key_flag(key, mask, flags_key, flags_mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
+			FLOW_DIS_F_TUNNEL_CRIT_OPT);
+
 	return 0;
 }
 
@@ -3127,6 +3142,21 @@ static int fl_dump_key_flags(struct sk_buff *skb, bool encap,
 			TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
 			FLOW_DIS_FIRST_FRAG);
 
+	fl_get_key_flag(flags_key, flags_mask, &key, &mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
+			FLOW_DIS_F_TUNNEL_CSUM);
+
+	fl_get_key_flag(flags_key, flags_mask, &key, &mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
+			FLOW_DIS_F_TUNNEL_DONT_FRAGMENT);
+
+	fl_get_key_flag(flags_key, flags_mask, &key, &mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM, FLOW_DIS_F_TUNNEL_OAM);
+
+	fl_get_key_flag(flags_key, flags_mask, &key, &mask,
+			TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
+			FLOW_DIS_F_TUNNEL_CRIT_OPT);
+
 	_key = cpu_to_be32(key);
 	_mask = cpu_to_be32(mask);
 
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 7/9] net/sched: cls_flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (5 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 6/9] net/sched: cls_flower: add tunnel flags to fl_{set,dump}_key_flags() Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 8/9] flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS Asbjørn Sloth Tønnesen
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

This patch changes how TCA_FLOWER_KEY_ENC_FLAGS is used, so that
it is used with TCA_FLOWER_KEY_FLAGS_* flags, in the same way as
TCA_FLOWER_KEY_FLAGS is currently used.

Where TCA_FLOWER_KEY_FLAGS uses {key,mask}->control.flags, then
TCA_FLOWER_KEY_ENC_FLAGS now uses {key,mask}->enc_control.flags,
therefore {key,mask}->enc_flags is now unused.

As the generic fl_set_key_flags/fl_dump_key_flags() is used with
encap set to true, then fl_{set,dump}_key_enc_flags() is removed.

This breaks unreleased userspace API (net-next since 2024-06-04).

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 include/uapi/linux/pkt_cls.h |  4 +--
 net/sched/cls_flower.c       | 56 +++++++++---------------------------
 2 files changed, 15 insertions(+), 45 deletions(-)

diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index 24795aad7651..38a0b1f3d196 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -554,8 +554,8 @@ enum {
 	TCA_FLOWER_KEY_SPI,		/* be32 */
 	TCA_FLOWER_KEY_SPI_MASK,	/* be32 */
 
-	TCA_FLOWER_KEY_ENC_FLAGS,	/* u32 */
-	TCA_FLOWER_KEY_ENC_FLAGS_MASK,	/* u32 */
+	TCA_FLOWER_KEY_ENC_FLAGS,	/* be32 */
+	TCA_FLOWER_KEY_ENC_FLAGS_MASK,	/* be32 */
 
 	__TCA_FLOWER_MAX,
 };
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 2a440f11fe1f..e2239ab01355 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -45,11 +45,11 @@
 		(TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT | \
 		TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST)
 
-#define TUNNEL_FLAGS_PRESENT (\
-	_BITUL(IP_TUNNEL_CSUM_BIT) |		\
-	_BITUL(IP_TUNNEL_DONT_FRAGMENT_BIT) |	\
-	_BITUL(IP_TUNNEL_OAM_BIT) |		\
-	_BITUL(IP_TUNNEL_CRIT_OPT_BIT))
+#define TCA_FLOWER_KEY_ENC_FLAGS_POLICY_MASK \
+		(TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM | \
+		TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT | \
+		TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM | \
+		TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT)
 
 struct fl_flow_key {
 	struct flow_dissector_key_meta meta;
@@ -745,10 +745,10 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
 	[TCA_FLOWER_KEY_SPI_MASK]	= { .type = NLA_U32 },
 	[TCA_FLOWER_L2_MISS]		= NLA_POLICY_MAX(NLA_U8, 1),
 	[TCA_FLOWER_KEY_CFM]		= { .type = NLA_NESTED },
-	[TCA_FLOWER_KEY_ENC_FLAGS]	= NLA_POLICY_MASK(NLA_U32,
-							  TUNNEL_FLAGS_PRESENT),
-	[TCA_FLOWER_KEY_ENC_FLAGS_MASK]	= NLA_POLICY_MASK(NLA_U32,
-							  TUNNEL_FLAGS_PRESENT),
+	[TCA_FLOWER_KEY_ENC_FLAGS]	= NLA_POLICY_MASK(NLA_BE32,
+							  TCA_FLOWER_KEY_ENC_FLAGS_POLICY_MASK),
+	[TCA_FLOWER_KEY_ENC_FLAGS_MASK]	= NLA_POLICY_MASK(NLA_BE32,
+							  TCA_FLOWER_KEY_ENC_FLAGS_POLICY_MASK),
 };
 
 static const struct nla_policy
@@ -1866,21 +1866,6 @@ static int fl_set_key_cfm(struct nlattr **tb,
 	return 0;
 }
 
-static int fl_set_key_enc_flags(struct nlattr **tb, u32 *flags_key,
-				u32 *flags_mask, struct netlink_ext_ack *extack)
-{
-	/* mask is mandatory for flags */
-	if (NL_REQ_ATTR_CHECK(extack, NULL, tb, TCA_FLOWER_KEY_ENC_FLAGS_MASK)) {
-		NL_SET_ERR_MSG(extack, "missing enc_flags mask");
-		return -EINVAL;
-	}
-
-	*flags_key = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_FLAGS]);
-	*flags_mask = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]);
-
-	return 0;
-}
-
 static int fl_set_key(struct net *net, struct nlattr **tb,
 		      struct fl_flow_key *key, struct fl_flow_key *mask,
 		      struct netlink_ext_ack *extack)
@@ -2123,8 +2108,8 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
 	}
 
 	if (tb[TCA_FLOWER_KEY_ENC_FLAGS])
-		ret = fl_set_key_enc_flags(tb, &key->enc_flags.flags,
-					   &mask->enc_flags.flags, extack);
+		ret = fl_set_key_flags(tb, true, &key->enc_control.flags,
+				       &mask->enc_control.flags, extack);
 
 	return ret;
 }
@@ -3381,22 +3366,6 @@ static int fl_dump_key_cfm(struct sk_buff *skb,
 	return err;
 }
 
-static int fl_dump_key_enc_flags(struct sk_buff *skb,
-				 struct flow_dissector_key_enc_flags *key,
-				 struct flow_dissector_key_enc_flags *mask)
-{
-	if (!memchr_inv(mask, 0, sizeof(*mask)))
-		return 0;
-
-	if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_FLAGS, key->flags))
-		return -EMSGSIZE;
-
-	if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_FLAGS_MASK, mask->flags))
-		return -EMSGSIZE;
-
-	return 0;
-}
-
 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
 			       struct flow_dissector_key_enc_opts *enc_opts)
 {
@@ -3699,7 +3668,8 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
 	if (fl_dump_key_cfm(skb, &key->cfm, &mask->cfm))
 		goto nla_put_failure;
 
-	if (fl_dump_key_enc_flags(skb, &key->enc_flags, &mask->enc_flags))
+	if (fl_dump_key_flags(skb, true, key->enc_control.flags,
+			      mask->enc_control.flags))
 		goto nla_put_failure;
 
 	return 0;
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 8/9] flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (6 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 7/9] net/sched: cls_flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 10:45 ` [PATCH net-next 9/9] flow_dissector: set encapsulation control flags for non-IP Asbjørn Sloth Tønnesen
  2024-07-03 16:19 ` [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Davide Caratti
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Now that TCA_FLOWER_KEY_ENC_FLAGS is unused, as it's
former data is stored behind TCA_FLOWER_KEY_ENC_CONTROL,
then remove the last bits of FLOW_DISSECTOR_KEY_ENC_FLAGS.

FLOW_DISSECTOR_KEY_ENC_FLAGS is unreleased, and have been
in net-next since 2024-06-04.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 include/net/flow_dissector.h |  9 ---------
 include/net/ip_tunnels.h     | 12 ------------
 net/core/flow_dissector.c    | 16 +---------------
 net/sched/cls_flower.c       |  3 ---
 4 files changed, 1 insertion(+), 39 deletions(-)

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index f560e2c8d0e7..17a8a8634751 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -338,14 +338,6 @@ struct flow_dissector_key_cfm {
 #define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
 #define FLOW_DIS_CFM_MDL_MAX 7
 
-/**
- * struct flow_dissector_key_enc_flags: tunnel metadata control flags
- * @flags: tunnel control flags
- */
-struct flow_dissector_key_enc_flags {
-	u32 flags;
-};
-
 enum flow_dissector_key_id {
 	FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
 	FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -380,7 +372,6 @@ enum flow_dissector_key_id {
 	FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
 	FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
 	FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
-	FLOW_DISSECTOR_KEY_ENC_FLAGS, /* struct flow_dissector_key_enc_flags */
 
 	FLOW_DISSECTOR_KEY_MAX,
 };
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 3877315cf8b8..1db2417b8ff5 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -247,18 +247,6 @@ static inline bool ip_tunnel_is_options_present(const unsigned long *flags)
 	return ip_tunnel_flags_intersect(flags, present);
 }
 
-static inline void ip_tunnel_set_encflags_present(unsigned long *flags)
-{
-	IP_TUNNEL_DECLARE_FLAGS(present) = { };
-
-	__set_bit(IP_TUNNEL_CSUM_BIT, present);
-	__set_bit(IP_TUNNEL_DONT_FRAGMENT_BIT, present);
-	__set_bit(IP_TUNNEL_OAM_BIT, present);
-	__set_bit(IP_TUNNEL_CRIT_OPT_BIT, present);
-
-	ip_tunnel_flags_or(flags, flags, present);
-}
-
 static inline bool ip_tunnel_flags_is_be16_compat(const unsigned long *flags)
 {
 	IP_TUNNEL_DECLARE_FLAGS(supp) = { };
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index a0263a4c5489..1a9ca129fddd 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -385,9 +385,7 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 	    !dissector_uses_key(flow_dissector,
 				FLOW_DISSECTOR_KEY_ENC_IP) &&
 	    !dissector_uses_key(flow_dissector,
-				FLOW_DISSECTOR_KEY_ENC_OPTS) &&
-	    !dissector_uses_key(flow_dissector,
-				FLOW_DISSECTOR_KEY_ENC_FLAGS))
+				FLOW_DISSECTOR_KEY_ENC_OPTS))
 		return;
 
 	info = skb_tunnel_info(skb);
@@ -489,18 +487,6 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 				    IP_TUNNEL_GENEVE_OPT_BIT);
 		enc_opt->dst_opt_type = val < __IP_TUNNEL_FLAG_NUM ? val : 0;
 	}
-
-	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_FLAGS)) {
-		struct flow_dissector_key_enc_flags *enc_flags;
-		IP_TUNNEL_DECLARE_FLAGS(flags) = {};
-
-		enc_flags = skb_flow_dissector_target(flow_dissector,
-						      FLOW_DISSECTOR_KEY_ENC_FLAGS,
-						      target_container);
-		ip_tunnel_set_encflags_present(flags);
-		ip_tunnel_flags_and(flags, flags, info->key.tun_flags);
-		enc_flags->flags = bitmap_read(flags, IP_TUNNEL_CSUM_BIT, 32);
-	}
 }
 EXPORT_SYMBOL(skb_flow_dissect_tunnel_info);
 
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index e2239ab01355..897d6b683cc6 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -85,7 +85,6 @@ struct fl_flow_key {
 	struct flow_dissector_key_l2tpv3 l2tpv3;
 	struct flow_dissector_key_ipsec ipsec;
 	struct flow_dissector_key_cfm cfm;
-	struct flow_dissector_key_enc_flags enc_flags;
 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
 
 struct fl_flow_mask_range {
@@ -2223,8 +2222,6 @@ static void fl_init_dissector(struct flow_dissector *dissector,
 			     FLOW_DISSECTOR_KEY_IPSEC, ipsec);
 	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
 			     FLOW_DISSECTOR_KEY_CFM, cfm);
-	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
-			     FLOW_DISSECTOR_KEY_ENC_FLAGS, enc_flags);
 
 	skb_flow_dissector_init(dissector, keys, cnt);
 }
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* [PATCH net-next 9/9] flow_dissector: set encapsulation control flags for non-IP
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (7 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 8/9] flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS Asbjørn Sloth Tønnesen
@ 2024-07-03 10:45 ` Asbjørn Sloth Tønnesen
  2024-07-03 16:19 ` [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Davide Caratti
  9 siblings, 0 replies; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-03 10:45 UTC (permalink / raw)
  To: netdev
  Cc: Asbjørn Sloth Tønnesen, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

Make sure to set encapsulated control flags also for non-IP
packets, such that it's possible to allow matching on e.g.
TUNNEL_OAM on a geneve packet carrying a non-IP packet.

Suggested-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 net/core/flow_dissector.c | 4 ++++
 net/sched/cls_flower.c    | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 1a9ca129fddd..ada1e39b557e 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -434,6 +434,10 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
 			ipv6->dst = key->u.ipv6.dst;
 		}
 		break;
+	default:
+		skb_flow_dissect_set_enc_control(0, ctrl_flags, flow_dissector,
+						 target_container);
+		break;
 	}
 
 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 897d6b683cc6..38b2df387c1e 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -2199,7 +2199,8 @@ static void fl_init_dissector(struct flow_dissector *dissector,
 	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
 			     FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
 	if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
-	    FL_KEY_IS_MASKED(mask, enc_ipv6))
+	    FL_KEY_IS_MASKED(mask, enc_ipv6) ||
+	    FL_KEY_IS_MASKED(mask, enc_control))
 		FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
 			   enc_control);
 	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 15+ messages in thread
* Re: [PATCH net-next 1/9] net/sched: flower: define new tunnel flags
  2024-07-03 10:45 ` [PATCH net-next 1/9] net/sched: flower: define new tunnel flags Asbjørn Sloth Tønnesen
@ 2024-07-03 10:59   ` Alexander Lobakin
  2024-07-04  0:20     ` Jakub Kicinski
  0 siblings, 1 reply; 15+ messages in thread
From: Alexander Lobakin @ 2024-07-03 10:59 UTC (permalink / raw)
  To: Asbjørn Sloth Tønnesen
  Cc: netdev, Davide Caratti, Ilya Maximets, Jamal Hadi Salim,
	Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, David Ahern, Simon Horman,
	Ratheesh Kannoth, Florian Westphal, linux-kernel

From: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Date: Wed,  3 Jul 2024 10:45:50 +0000

> Define new TCA_FLOWER_KEY_FLAGS_* flags for use in struct
> flow_dissector_key_control, covering the same flags
> as currently exposed through TCA_FLOWER_KEY_ENC_FLAGS,
> but assign them new bit positions in so that they don't
> conflict with existing TCA_FLOWER_KEY_FLAGS_* flags.
> 
> Synchronize FLOW_DIS_* flags, but put the new flags
> under FLOW_DIS_F_*. The idea is that we can later, move
> the existing flags under FLOW_DIS_F_* as well.
> 
> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
> ---
>  include/net/flow_dissector.h | 17 +++++++++++++----
>  include/uapi/linux/pkt_cls.h |  5 +++++
>  2 files changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
> index 3e47e123934d..f560e2c8d0e7 100644
> --- a/include/net/flow_dissector.h
> +++ b/include/net/flow_dissector.h
> @@ -16,7 +16,8 @@ struct sk_buff;
>   * struct flow_dissector_key_control:
>   * @thoff:     Transport header offset
>   * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
> - * @flags:     Key flags. Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAGENCAPSULATION)
> + * @flags:     Key flags.
> + *             Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*)
>   */
>  struct flow_dissector_key_control {
>  	u16	thoff;
> @@ -24,9 +25,17 @@ struct flow_dissector_key_control {
>  	u32	flags;
>  };
>  
> -#define FLOW_DIS_IS_FRAGMENT	BIT(0)
> -#define FLOW_DIS_FIRST_FRAG	BIT(1)
> -#define FLOW_DIS_ENCAPSULATION	BIT(2)
> +/* Please keep these flags in sync with TCA_FLOWER_KEY_FLAGS_*
> + * in include/uapi/linux/pkt_cls.h, as these bit flags are exposed
> + * to userspace in some error paths, ie. unsupported flags.
> + */
> +#define FLOW_DIS_IS_FRAGMENT		BIT(0)
> +#define FLOW_DIS_FIRST_FRAG		BIT(1)
> +#define FLOW_DIS_ENCAPSULATION		BIT(2)
> +#define FLOW_DIS_F_TUNNEL_CSUM		BIT(3)
> +#define FLOW_DIS_F_TUNNEL_DONT_FRAGMENT	BIT(4)
> +#define FLOW_DIS_F_TUNNEL_OAM		BIT(5)
> +#define FLOW_DIS_F_TUNNEL_CRIT_OPT	BIT(6)

1. enum? Then they will be included in BTF info, maybe they might come
   handy later in BPF...
2. Maybe "sync" them automatically?

	FLOW_DIS_FIRST_FRAG	= TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
	...

(with the only exception for BIT(2))

>  
>  enum flow_dissect_ret {
>  	FLOW_DISSECT_RET_OUT_GOOD,
> diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
> index b6d38f5fd7c0..24795aad7651 100644
> --- a/include/uapi/linux/pkt_cls.h
> +++ b/include/uapi/linux/pkt_cls.h
> @@ -677,6 +677,11 @@ enum {
>  enum {
>  	TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
>  	TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
> +	/* FLOW_DIS_ENCAPSULATION (1 << 2) is not exposed to userspace */

Should uAPI header contain this comment? FLOW_DIS_ENCAPSULATION is an
internal kernel definition, so I believe its name shouldn't leak to the
userspace header.

> +	TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM = (1 << 3),
> +	TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT = (1 << 4),
> +	TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM = (1 << 5),
> +	TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT = (1 << 6),
>  };
>  
>  enum {

Thanks,
Olek

^ permalink raw reply	[flat|nested] 15+ messages in thread
* Re: [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage
  2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
                   ` (8 preceding siblings ...)
  2024-07-03 10:45 ` [PATCH net-next 9/9] flow_dissector: set encapsulation control flags for non-IP Asbjørn Sloth Tønnesen
@ 2024-07-03 16:19 ` Davide Caratti
  9 siblings, 0 replies; 15+ messages in thread
From: Davide Caratti @ 2024-07-03 16:19 UTC (permalink / raw)
  To: Asbjørn Sloth Tønnesen
  Cc: netdev, Ilya Maximets, Jamal Hadi Salim, Cong Wang, Jiri Pirko,
	David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
	David Ahern, Simon Horman, Ratheesh Kannoth, Florian Westphal,
	Alexander Lobakin, linux-kernel

hello,

On Wed, Jul 3, 2024 at 12:47 PM Asbjørn Sloth Tønnesen <ast@fiberby.net> wrote:
>
> This series reworks the recently added TCA_FLOWER_KEY_ENC_FLAGS
> attribute, to be more like TCA_FLOWER_KEY_FLAGS, and use the unused
> u32 flags field in FLOW_DISSECTOR_KEY_ENC_CONTROL, instead of adding
> a new flags field as FLOW_DISSECTOR_KEY_ENC_FLAGS.

Tested-by: Davide Caratti <dcaratti@redhat.com>


^ permalink raw reply	[flat|nested] 15+ messages in thread
* Re: [PATCH net-next 1/9] net/sched: flower: define new tunnel flags
  2024-07-03 10:59   ` Alexander Lobakin
@ 2024-07-04  0:20     ` Jakub Kicinski
  2024-07-04 21:45       ` Asbjørn Sloth Tønnesen
  0 siblings, 1 reply; 15+ messages in thread
From: Jakub Kicinski @ 2024-07-04  0:20 UTC (permalink / raw)
  To: Alexander Lobakin
  Cc: Asbjørn Sloth Tønnesen, netdev, Davide Caratti,
	Ilya Maximets, Jamal Hadi Salim, Cong Wang, Jiri Pirko,
	David S. Miller, Eric Dumazet, Paolo Abeni, David Ahern,
	Simon Horman, Ratheesh Kannoth, Florian Westphal, linux-kernel

On Wed, 3 Jul 2024 12:59:54 +0200 Alexander Lobakin wrote:
> >  enum {
> >  	TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
> >  	TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
> > +	/* FLOW_DIS_ENCAPSULATION (1 << 2) is not exposed to userspace */  
> 
> Should uAPI header contain this comment? FLOW_DIS_ENCAPSULATION is an
> internal kernel definition, so I believe its name shouldn't leak to the
> userspace header.

Also since it's internal, can avoid the gap in uAPI and make
ENCAPSULATION be something like "last uAPI bit + 1" ?

^ permalink raw reply	[flat|nested] 15+ messages in thread
* Re: [PATCH net-next 1/9] net/sched: flower: define new tunnel flags
  2024-07-04  0:20     ` Jakub Kicinski
@ 2024-07-04 21:45       ` Asbjørn Sloth Tønnesen
  2024-07-05  2:05         ` Jakub Kicinski
  0 siblings, 1 reply; 15+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-07-04 21:45 UTC (permalink / raw)
  To: Jakub Kicinski, Alexander Lobakin
  Cc: netdev, Davide Caratti, Ilya Maximets, Jamal Hadi Salim,
	Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet, Paolo Abeni,
	David Ahern, Simon Horman, Ratheesh Kannoth, Florian Westphal,
	linux-kernel

Hi Kuba and Alexander,

On 7/4/24 12:20 AM, Jakub Kicinski wrote:
> On Wed, 3 Jul 2024 12:59:54 +0200 Alexander Lobakin wrote:
>>>   enum {
>>>   	TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
>>>   	TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
>>> +	/* FLOW_DIS_ENCAPSULATION (1 << 2) is not exposed to userspace */
>>
>> Should uAPI header contain this comment? FLOW_DIS_ENCAPSULATION is an
>> internal kernel definition, so I believe its name shouldn't leak to the
>> userspace header.
> 
> Also since it's internal, can avoid the gap in uAPI and make
> ENCAPSULATION be something like "last uAPI bit + 1" ?

Would the below work?

-#define FLOW_DIS_IS_FRAGMENT   BIT(0)
-#define FLOW_DIS_FIRST_FRAG    BIT(1)
-#define FLOW_DIS_ENCAPSULATION BIT(2)
+/* The control flags are kept in sync with TCA_FLOWER_KEY_FLAGS_*, as those
+ * flags are exposed to userspace in some error paths, ie. unsupported flags.
+ */
+enum flow_dissector_ctrl_flags {
+       FLOW_DIS_IS_FRAGMENT            = TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT,
+       FLOW_DIS_FIRST_FRAG             = TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
+       FLOW_DIS_F_TUNNEL_CSUM          = TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
+       FLOW_DIS_F_TUNNEL_DONT_FRAGMENT = TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
+       FLOW_DIS_F_TUNNEL_OAM           = TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM,
+       FLOW_DIS_F_TUNNEL_CRIT_OPT      = TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
+
+       /* These flags are internal to the kernel */
+       FLOW_DIS_ENCAPSULATION          = (TCA_FLOWER_KEY_FLAGS_MAX << 1),
+};

-- 
Best regards
Asbjørn Sloth Tønnesen
Network Engineer
Fiberby - AS42541

^ permalink raw reply	[flat|nested] 15+ messages in thread
* Re: [PATCH net-next 1/9] net/sched: flower: define new tunnel flags
  2024-07-04 21:45       ` Asbjørn Sloth Tønnesen
@ 2024-07-05  2:05         ` Jakub Kicinski
  0 siblings, 0 replies; 15+ messages in thread
From: Jakub Kicinski @ 2024-07-05  2:05 UTC (permalink / raw)
  To: Asbjørn Sloth Tønnesen
  Cc: Alexander Lobakin, netdev, Davide Caratti, Ilya Maximets,
	Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
	Eric Dumazet, Paolo Abeni, David Ahern, Simon Horman,
	Ratheesh Kannoth, Florian Westphal, linux-kernel

On Thu, 4 Jul 2024 21:45:14 +0000 Asbjørn Sloth Tønnesen wrote:
> +       /* These flags are internal to the kernel */
> +       FLOW_DIS_ENCAPSULATION          = (TCA_FLOWER_KEY_FLAGS_MAX << 1),

Looks good (assuming TCA_FLOWER_KEY_FLAGS_MAX == TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT)

^ permalink raw reply	[flat|nested] 15+ messages in thread
end of thread, other threads:[~2024-07-05  2:05 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-03 10:45 [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 1/9] net/sched: flower: define new tunnel flags Asbjørn Sloth Tønnesen
2024-07-03 10:59   ` Alexander Lobakin
2024-07-04  0:20     ` Jakub Kicinski
2024-07-04 21:45       ` Asbjørn Sloth Tønnesen
2024-07-05  2:05         ` Jakub Kicinski
2024-07-03 10:45 ` [PATCH net-next 2/9] net/sched: cls_flower: prepare fl_{set,dump}_key_flags() for ENC_FLAGS Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 3/9] net/sched: cls_flower: add policy for TCA_FLOWER_KEY_FLAGS Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 4/9] flow_dissector: prepare for encapsulated control flags Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 5/9] flow_dissector: set encapsulated control flags from tun_flags Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 6/9] net/sched: cls_flower: add tunnel flags to fl_{set,dump}_key_flags() Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 7/9] net/sched: cls_flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 8/9] flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS Asbjørn Sloth Tønnesen
2024-07-03 10:45 ` [PATCH net-next 9/9] flow_dissector: set encapsulation control flags for non-IP Asbjørn Sloth Tønnesen
2024-07-03 16:19 ` [PATCH net-next 0/9] flower: rework TCA_FLOWER_KEY_ENC_FLAGS usage Davide Caratti

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).