* [PATCH net-next 0/2] net: allow dissecting/matching tunnel control flags
@ 2024-01-31 16:13 Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 1/2] flow_dissector: add support for " Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 2/2] net/sched: cls_flower: add support for matching " Davide Caratti
0 siblings, 2 replies; 6+ messages in thread
From: Davide Caratti @ 2024-01-31 16:13 UTC (permalink / raw)
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev
Cc: Marcelo Ricardo Leitner, Xin Long, Ilya Maximets
Ilya says: "for correct matching on decapsulated packets, we should match
on not only tunnel id and headers, but also on tunnel configuration flags
like TUNNEL_NO_CSUM and TUNNEL_DONT_FRAGMENT. This is done to distinguish
similar tunnels with slightly different configs. And it is important since
tunnel configuration is flow based, i.e. can be different for every packet,
even though the main tunnel port is the same."
- patch 1 extends the kernel's flow dissector to extract these flags
from the packet's tunnel metadata.
- patch 2 extends TC flower tomatch on any combination of TUNNEL_NO_CSUM,
TUNNEL_OAM and TUNNEL_DONT_FRAGMENT.
Davide Caratti (2):
flow_dissector: add support for tunnel control flags
net/sched: cls_flower: add support for matching tunnel control flags
include/net/flow_dissector.h | 11 +++++++++
include/uapi/linux/pkt_cls.h | 3 +++
net/core/flow_dissector.c | 13 ++++++++++-
net/sched/cls_flower.c | 45 ++++++++++++++++++++++++++++++++++++
4 files changed, 71 insertions(+), 1 deletion(-)
--
2.43.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH net-next 1/2] flow_dissector: add support for tunnel control flags
2024-01-31 16:13 [PATCH net-next 0/2] net: allow dissecting/matching tunnel control flags Davide Caratti
@ 2024-01-31 16:13 ` Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 2/2] net/sched: cls_flower: add support for matching " Davide Caratti
1 sibling, 0 replies; 6+ messages in thread
From: Davide Caratti @ 2024-01-31 16:13 UTC (permalink / raw)
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev
Cc: Marcelo Ricardo Leitner, Xin Long, Ilya Maximets
dissect [no]csum, [no]dontfrag, [no]oam flags on 'external' tunnels. This
is a prerequisite for matching these control flags using TC flower.
Suggested-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
include/net/flow_dissector.h | 11 +++++++++++
net/core/flow_dissector.c | 13 ++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 1a7131d6cb0e..98a0050d5cc3 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -329,6 +329,16 @@ struct flow_dissector_key_cfm {
#define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
#define FLOW_DIS_CFM_MDL_MAX 7
+/**
+ * struct flow_dissector_key_enc_flags
+ * @flags: tunnel control flags
+ */
+struct flow_dissector_key_enc_flags {
+ __be16 flags;
+};
+
+#define TUNNEL_FLAGS_PRESENT (TUNNEL_CSUM | TUNNEL_DONT_FRAGMENT | TUNNEL_OAM)
+
enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -363,6 +373,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
+ FLOW_DISSECTOR_KEY_ENC_FLAGS, /* struct flow_dissector_key_enc_flags */
FLOW_DISSECTOR_KEY_MAX,
};
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 272f09251343..9099a5524d7c 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -382,7 +382,9 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
!dissector_uses_key(flow_dissector,
FLOW_DISSECTOR_KEY_ENC_IP) &&
!dissector_uses_key(flow_dissector,
- FLOW_DISSECTOR_KEY_ENC_OPTS))
+ FLOW_DISSECTOR_KEY_ENC_OPTS) &&
+ !dissector_uses_key(flow_dissector,
+ FLOW_DISSECTOR_KEY_ENC_FLAGS))
return;
info = skb_tunnel_info(skb);
@@ -467,6 +469,15 @@ skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
TUNNEL_OPTIONS_PRESENT;
}
}
+
+ if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_FLAGS)) {
+ struct flow_dissector_key_enc_flags *enc_flags;
+
+ enc_flags = skb_flow_dissector_target(flow_dissector,
+ FLOW_DISSECTOR_KEY_ENC_FLAGS,
+ target_container);
+ enc_flags->flags = info->key.tun_flags & TUNNEL_FLAGS_PRESENT;
+ }
}
EXPORT_SYMBOL(skb_flow_dissect_tunnel_info);
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH net-next 2/2] net/sched: cls_flower: add support for matching tunnel control flags
2024-01-31 16:13 [PATCH net-next 0/2] net: allow dissecting/matching tunnel control flags Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 1/2] flow_dissector: add support for " Davide Caratti
@ 2024-01-31 16:13 ` Davide Caratti
2024-01-31 21:13 ` Jamal Hadi Salim
1 sibling, 1 reply; 6+ messages in thread
From: Davide Caratti @ 2024-01-31 16:13 UTC (permalink / raw)
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev
Cc: Marcelo Ricardo Leitner, Xin Long, Ilya Maximets
extend cls_flower to match flags belonging to 'TUNNEL_FLAGS_PRESENT' mask
inside skb tunnel metadata.
Suggested-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
include/uapi/linux/pkt_cls.h | 3 +++
net/sched/cls_flower.c | 45 ++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index ea277039f89d..e3394f9d06b7 100644
--- a/include/uapi/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -554,6 +554,9 @@ enum {
TCA_FLOWER_KEY_SPI, /* be32 */
TCA_FLOWER_KEY_SPI_MASK, /* be32 */
+ TCA_FLOWER_KEY_ENC_FLAGS, /* be16 */
+ TCA_FLOWER_KEY_ENC_FLAGS_MASK, /* be16 */
+
__TCA_FLOWER_MAX,
};
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index efb9d2811b73..d244169c8471 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -74,6 +74,7 @@ struct fl_flow_key {
struct flow_dissector_key_l2tpv3 l2tpv3;
struct flow_dissector_key_ipsec ipsec;
struct flow_dissector_key_cfm cfm;
+ struct flow_dissector_key_enc_flags enc_flags;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
struct fl_flow_mask_range {
@@ -731,6 +732,10 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
[TCA_FLOWER_KEY_SPI_MASK] = { .type = NLA_U32 },
[TCA_FLOWER_L2_MISS] = NLA_POLICY_MAX(NLA_U8, 1),
[TCA_FLOWER_KEY_CFM] = { .type = NLA_NESTED },
+ [TCA_FLOWER_KEY_ENC_FLAGS] = NLA_POLICY_MASK(NLA_BE16,
+ TUNNEL_FLAGS_PRESENT),
+ [TCA_FLOWER_KEY_ENC_FLAGS_MASK] = NLA_POLICY_MASK(NLA_BE16,
+ TUNNEL_FLAGS_PRESENT),
};
static const struct nla_policy
@@ -1748,6 +1753,21 @@ static int fl_set_key_cfm(struct nlattr **tb,
return 0;
}
+static int fl_set_key_enc_flags(struct nlattr **tb, __be16 *flags_key,
+ __be16 *flags_mask, struct netlink_ext_ack *extack)
+{
+ /* mask is mandatory for flags */
+ if (!tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]) {
+ NL_SET_ERR_MSG(extack, "missing enc_flags mask");
+ return -EINVAL;
+ }
+
+ *flags_key = nla_get_be16(tb[TCA_FLOWER_KEY_ENC_FLAGS]);
+ *flags_mask = nla_get_be16(tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]);
+
+ return 0;
+}
+
static int fl_set_key(struct net *net, struct nlattr **tb,
struct fl_flow_key *key, struct fl_flow_key *mask,
struct netlink_ext_ack *extack)
@@ -1986,6 +2006,10 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
ret = fl_set_key_flags(tb, &key->control.flags,
&mask->control.flags, extack);
+ if (tb[TCA_FLOWER_KEY_ENC_FLAGS])
+ ret = fl_set_key_enc_flags(tb, &key->enc_flags.flags,
+ &mask->enc_flags.flags, extack);
+
return ret;
}
@@ -2098,6 +2122,8 @@ static void fl_init_dissector(struct flow_dissector *dissector,
FLOW_DISSECTOR_KEY_IPSEC, ipsec);
FL_KEY_SET_IF_MASKED(mask, keys, cnt,
FLOW_DISSECTOR_KEY_CFM, cfm);
+ FL_KEY_SET_IF_MASKED(mask, keys, cnt,
+ FLOW_DISSECTOR_KEY_ENC_FLAGS, enc_flags);
skb_flow_dissector_init(dissector, keys, cnt);
}
@@ -3185,6 +3211,22 @@ static int fl_dump_key_cfm(struct sk_buff *skb,
return err;
}
+static int fl_dump_key_enc_flags(struct sk_buff *skb,
+ struct flow_dissector_key_enc_flags *key,
+ struct flow_dissector_key_enc_flags *mask)
+{
+ if (!memchr_inv(mask, 0, sizeof(*mask)))
+ return 0;
+
+ if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_FLAGS, key->flags))
+ return -EMSGSIZE;
+
+ if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_FLAGS_MASK, mask->flags))
+ return -EMSGSIZE;
+
+ return 0;
+}
+
static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
struct flow_dissector_key_enc_opts *enc_opts)
{
@@ -3481,6 +3523,9 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
if (fl_dump_key_cfm(skb, &key->cfm, &mask->cfm))
goto nla_put_failure;
+ if (fl_dump_key_enc_flags(skb, &key->enc_flags, &mask->enc_flags))
+ goto nla_put_failure;
+
return 0;
nla_put_failure:
--
2.43.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH net-next 2/2] net/sched: cls_flower: add support for matching tunnel control flags
2024-01-31 16:13 ` [PATCH net-next 2/2] net/sched: cls_flower: add support for matching " Davide Caratti
@ 2024-01-31 21:13 ` Jamal Hadi Salim
2024-02-01 11:14 ` Davide Caratti
0 siblings, 1 reply; 6+ messages in thread
From: Jamal Hadi Salim @ 2024-01-31 21:13 UTC (permalink / raw)
To: Davide Caratti
Cc: Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, Marcelo Ricardo Leitner,
Xin Long, Ilya Maximets
On Wed, Jan 31, 2024 at 11:16 AM Davide Caratti <dcaratti@redhat.com> wrote:
>
> extend cls_flower to match flags belonging to 'TUNNEL_FLAGS_PRESENT' mask
> inside skb tunnel metadata.
>
> Suggested-by: Ilya Maximets <i.maximets@ovn.org>
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>
> ---
> include/uapi/linux/pkt_cls.h | 3 +++
> net/sched/cls_flower.c | 45 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 48 insertions(+)
>
> diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
> index ea277039f89d..e3394f9d06b7 100644
> --- a/include/uapi/linux/pkt_cls.h
> +++ b/include/uapi/linux/pkt_cls.h
> @@ -554,6 +554,9 @@ enum {
> TCA_FLOWER_KEY_SPI, /* be32 */
> TCA_FLOWER_KEY_SPI_MASK, /* be32 */
>
> + TCA_FLOWER_KEY_ENC_FLAGS, /* be16 */
> + TCA_FLOWER_KEY_ENC_FLAGS_MASK, /* be16 */
> +
> __TCA_FLOWER_MAX,
> };
>
> diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
> index efb9d2811b73..d244169c8471 100644
> --- a/net/sched/cls_flower.c
> +++ b/net/sched/cls_flower.c
> @@ -74,6 +74,7 @@ struct fl_flow_key {
> struct flow_dissector_key_l2tpv3 l2tpv3;
> struct flow_dissector_key_ipsec ipsec;
> struct flow_dissector_key_cfm cfm;
> + struct flow_dissector_key_enc_flags enc_flags;
> } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
>
> struct fl_flow_mask_range {
> @@ -731,6 +732,10 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
> [TCA_FLOWER_KEY_SPI_MASK] = { .type = NLA_U32 },
> [TCA_FLOWER_L2_MISS] = NLA_POLICY_MAX(NLA_U8, 1),
> [TCA_FLOWER_KEY_CFM] = { .type = NLA_NESTED },
> + [TCA_FLOWER_KEY_ENC_FLAGS] = NLA_POLICY_MASK(NLA_BE16,
> + TUNNEL_FLAGS_PRESENT),
> + [TCA_FLOWER_KEY_ENC_FLAGS_MASK] = NLA_POLICY_MASK(NLA_BE16,
> + TUNNEL_FLAGS_PRESENT),
> };
>
> static const struct nla_policy
> @@ -1748,6 +1753,21 @@ static int fl_set_key_cfm(struct nlattr **tb,
> return 0;
> }
>
> +static int fl_set_key_enc_flags(struct nlattr **tb, __be16 *flags_key,
> + __be16 *flags_mask, struct netlink_ext_ack *extack)
> +{
> + /* mask is mandatory for flags */
> + if (!tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]) {
if (NL_REQ_ATTR_CHECK(extack,...))
> + NL_SET_ERR_MSG(extack, "missing enc_flags mask");
> + return -EINVAL;
> + }
> +
> + *flags_key = nla_get_be16(tb[TCA_FLOWER_KEY_ENC_FLAGS]);
> + *flags_mask = nla_get_be16(tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]);
> +
> + return 0;
> +}
> +
> static int fl_set_key(struct net *net, struct nlattr **tb,
> struct fl_flow_key *key, struct fl_flow_key *mask,
> struct netlink_ext_ack *extack)
> @@ -1986,6 +2006,10 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
> ret = fl_set_key_flags(tb, &key->control.flags,
> &mask->control.flags, extack);
>
> + if (tb[TCA_FLOWER_KEY_ENC_FLAGS])
And here..
cheers,
jamal
> + ret = fl_set_key_enc_flags(tb, &key->enc_flags.flags,
> + &mask->enc_flags.flags, extack);
> +
> return ret;
> }
>
> @@ -2098,6 +2122,8 @@ static void fl_init_dissector(struct flow_dissector *dissector,
> FLOW_DISSECTOR_KEY_IPSEC, ipsec);
> FL_KEY_SET_IF_MASKED(mask, keys, cnt,
> FLOW_DISSECTOR_KEY_CFM, cfm);
> + FL_KEY_SET_IF_MASKED(mask, keys, cnt,
> + FLOW_DISSECTOR_KEY_ENC_FLAGS, enc_flags);
>
> skb_flow_dissector_init(dissector, keys, cnt);
> }
> @@ -3185,6 +3211,22 @@ static int fl_dump_key_cfm(struct sk_buff *skb,
> return err;
> }
>
> +static int fl_dump_key_enc_flags(struct sk_buff *skb,
> + struct flow_dissector_key_enc_flags *key,
> + struct flow_dissector_key_enc_flags *mask)
> +{
> + if (!memchr_inv(mask, 0, sizeof(*mask)))
> + return 0;
> +
> + if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_FLAGS, key->flags))
> + return -EMSGSIZE;
> +
> + if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_FLAGS_MASK, mask->flags))
> + return -EMSGSIZE;
> +
> + return 0;
> +}
> +
> static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
> struct flow_dissector_key_enc_opts *enc_opts)
> {
> @@ -3481,6 +3523,9 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
> if (fl_dump_key_cfm(skb, &key->cfm, &mask->cfm))
> goto nla_put_failure;
>
> + if (fl_dump_key_enc_flags(skb, &key->enc_flags, &mask->enc_flags))
> + goto nla_put_failure;
> +
> return 0;
>
> nla_put_failure:
> --
> 2.43.0
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net-next 2/2] net/sched: cls_flower: add support for matching tunnel control flags
2024-01-31 21:13 ` Jamal Hadi Salim
@ 2024-02-01 11:14 ` Davide Caratti
2024-02-01 14:59 ` Jamal Hadi Salim
0 siblings, 1 reply; 6+ messages in thread
From: Davide Caratti @ 2024-02-01 11:14 UTC (permalink / raw)
To: Jamal Hadi Salim
Cc: Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, Marcelo Ricardo Leitner,
Xin Long, Ilya Maximets
hello Jamal, thanks for looking at this!
On Wed, Jan 31, 2024 at 04:13:25PM -0500, Jamal Hadi Salim wrote:
> On Wed, Jan 31, 2024 at 11:16 AM Davide Caratti <dcaratti@redhat.com> wrote:
> >
> > extend cls_flower to match flags belonging to 'TUNNEL_FLAGS_PRESENT' mask
> > inside skb tunnel metadata.
> >
> > Suggested-by: Ilya Maximets <i.maximets@ovn.org>
> > Signed-off-by: Davide Caratti <dcaratti@redhat.com>
[...]
> > @@ -1748,6 +1753,21 @@ static int fl_set_key_cfm(struct nlattr **tb,
> > return 0;
> > }
> >
> > +static int fl_set_key_enc_flags(struct nlattr **tb, __be16 *flags_key,
> > + __be16 *flags_mask, struct netlink_ext_ack *extack)
> > +{
> > + /* mask is mandatory for flags */
> > + if (!tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]) {
>
> if (NL_REQ_ATTR_CHECK(extack,...))
>
> > + NL_SET_ERR_MSG(extack, "missing enc_flags mask");
> > + return -EINVAL;
> > + }
right, I will change it in the v2.
[...]
> > @@ -1986,6 +2006,10 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
> > ret = fl_set_key_flags(tb, &key->control.flags,
> > &mask->control.flags, extack);
> >
> > + if (tb[TCA_FLOWER_KEY_ENC_FLAGS])
>
> And here..
>
> cheers,
> jamal
>
> > + ret = fl_set_key_enc_flags(tb, &key->enc_flags.flags,
> > + &mask->enc_flags.flags, extack);
> > +
> > return ret;
here I don't see any advantage in doing
if (!NL_REQ_ATTR_CHECK(extack, NULL, tb, TCA_FLOWER_KEY_ENC_FLAGS))
ret = fl_set_key_enc_flags(tb, ... );
return ret;
the attribute is not mandatory, so a call to NL_SET_ERR_ATTR_MISS()
would do a useless/misleading assignment in extack->miss_type.
However, thanks for bringing the attention here :) At a second look,
this hunk introduces a bug: in case the parsing of TCA_FLOWER_KEY_FLAGS
fails, 'ret' is -EINVAL. If attributes TCA_FLOWER_KEY_ENC_FLAGS +
TCA_FLOWER_KEY_ENC_FLAGS_MASK are good to go, 'ret' will be overwritten
with 0 and flower will accept the rule... this is not intentional :)
will fix this in the v2.
--
davide
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net-next 2/2] net/sched: cls_flower: add support for matching tunnel control flags
2024-02-01 11:14 ` Davide Caratti
@ 2024-02-01 14:59 ` Jamal Hadi Salim
0 siblings, 0 replies; 6+ messages in thread
From: Jamal Hadi Salim @ 2024-02-01 14:59 UTC (permalink / raw)
To: Davide Caratti
Cc: Cong Wang, Jiri Pirko, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, netdev, Marcelo Ricardo Leitner,
Xin Long, Ilya Maximets
Hi Davide,
On Thu, Feb 1, 2024 at 6:14 AM Davide Caratti <dcaratti@redhat.com> wrote:
>
> hello Jamal, thanks for looking at this!
>
> On Wed, Jan 31, 2024 at 04:13:25PM -0500, Jamal Hadi Salim wrote:
> > On Wed, Jan 31, 2024 at 11:16 AM Davide Caratti <dcaratti@redhat.com> wrote:
> > >
> > > extend cls_flower to match flags belonging to 'TUNNEL_FLAGS_PRESENT' mask
> > > inside skb tunnel metadata.
> > >
> > > Suggested-by: Ilya Maximets <i.maximets@ovn.org>
> > > Signed-off-by: Davide Caratti <dcaratti@redhat.com>
>
> [...]
>
> > > @@ -1748,6 +1753,21 @@ static int fl_set_key_cfm(struct nlattr **tb,
> > > return 0;
> > > }
> > >
> > > +static int fl_set_key_enc_flags(struct nlattr **tb, __be16 *flags_key,
> > > + __be16 *flags_mask, struct netlink_ext_ack *extack)
> > > +{
> > > + /* mask is mandatory for flags */
> > > + if (!tb[TCA_FLOWER_KEY_ENC_FLAGS_MASK]) {
> >
> > if (NL_REQ_ATTR_CHECK(extack,...))
> >
> > > + NL_SET_ERR_MSG(extack, "missing enc_flags mask");
> > > + return -EINVAL;
> > > + }
>
> right, I will change it in the v2.
>
> [...]
>
> > > @@ -1986,6 +2006,10 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
> > > ret = fl_set_key_flags(tb, &key->control.flags,
> > > &mask->control.flags, extack);
> > >
> > > + if (tb[TCA_FLOWER_KEY_ENC_FLAGS])
> >
> > And here..
> >
> > cheers,
> > jamal
> >
> > > + ret = fl_set_key_enc_flags(tb, &key->enc_flags.flags,
> > > + &mask->enc_flags.flags, extack);
> > > +
> > > return ret;
>
> here I don't see any advantage in doing
>
> if (!NL_REQ_ATTR_CHECK(extack, NULL, tb, TCA_FLOWER_KEY_ENC_FLAGS))
> ret = fl_set_key_enc_flags(tb, ... );
>
> return ret;
>
Ok, i was a little overzealous there. When i see tb[] my brain goes
NL_REQ_ATTR_CHECK ;->
> the attribute is not mandatory, so a call to NL_SET_ERR_ATTR_MISS()
> would do a useless/misleading assignment in extack->miss_type.
>
True.
> However, thanks for bringing the attention here :) At a second look,
> this hunk introduces a bug: in case the parsing of TCA_FLOWER_KEY_FLAGS
> fails, 'ret' is -EINVAL. If attributes TCA_FLOWER_KEY_ENC_FLAGS +
> TCA_FLOWER_KEY_ENC_FLAGS_MASK are good to go, 'ret' will be overwritten
> with 0 and flower will accept the rule... this is not intentional :)
> will fix this in the v2.
>
np ;->
cheers,
jamal
> --
> davide
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-02-01 14:59 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-31 16:13 [PATCH net-next 0/2] net: allow dissecting/matching tunnel control flags Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 1/2] flow_dissector: add support for " Davide Caratti
2024-01-31 16:13 ` [PATCH net-next 2/2] net/sched: cls_flower: add support for matching " Davide Caratti
2024-01-31 21:13 ` Jamal Hadi Salim
2024-02-01 11:14 ` Davide Caratti
2024-02-01 14:59 ` Jamal Hadi Salim
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).