Re: [PATCH net-next 2/7] net: openvswitch: add explicit drop action

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Aaron Conole <aconole@redhat.com>
To: Adrian Moreno <amorenoz@redhat.com>
Cc: netdev@vger.kernel.org,  Eric Garver <eric@garver.life>,
	dev@openvswitch.org,  i.maximets@ovn.org
Subject: Re: [PATCH net-next 2/7] net: openvswitch: add explicit drop action
Date: Mon, 24 Jul 2023 10:47:34 -0400	[thread overview]
Message-ID: <f7tcz0hl62h.fsf@redhat.com> (raw)
In-Reply-To: <20230722094238.2520044-3-amorenoz@redhat.com> (Adrian Moreno's message of "Sat, 22 Jul 2023 11:42:32 +0200")

Adrian Moreno <amorenoz@redhat.com> writes:

> From: Eric Garver <eric@garver.life>
>
> This adds an explicit drop action. This is used by OVS to drop packets
> for which it cannot determine what to do. An explicit action in the
> kernel allows passing the reason _why_ the packet is being dropped or
> zero to indicate no particular error happened (i.e: OVS intentionally
> dropped the packet).
>
> Since the error codes coming from userspace mean nothing for the kernel,
> we squash all of them into only two drop reasons:
> - OVS_DROP_EXPLICIT_ACTION_ERROR to indicate a non-zero value was passed
> - OVS_DROP_EXPLICIT_ACTION to indicate a zero value was passed (no
>   error)
>
> e.g. trace all OVS dropped skbs
>
>  # perf trace -e skb:kfree_skb --filter="reason >= 0x30000"
>  [..]
>  106.023 ping/2465 skb:kfree_skb(skbaddr: 0xffffa0e8765f2000, \
>   location:0xffffffffc0d9b462, protocol: 2048, reason: 196610)
>
> reason: 196610 --> 0x30002 (OVS_DROP_EXPLICIT_ACTION)
>
> Signed-off-by: Eric Garver <eric@garver.life>
> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
> ---
>  include/uapi/linux/openvswitch.h                     | 2 ++
>  net/openvswitch/actions.c                            | 9 +++++++++
>  net/openvswitch/drop.h                               | 2 ++
>  net/openvswitch/flow_netlink.c                       | 8 +++++++-
>  tools/testing/selftests/net/openvswitch/ovs-dpctl.py | 3 +++
>  5 files changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
> index e94870e77ee9..efc82c318fa2 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -965,6 +965,7 @@ struct check_pkt_len_arg {
>   * start of the packet or at the start of the l3 header depending on the value
>   * of l3 tunnel flag in the tun_flags field of OVS_ACTION_ATTR_ADD_MPLS
>   * argument.
> + * @OVS_ACTION_ATTR_DROP: Explicit drop action.
>   *
>   * Only a single header can be set with a single %OVS_ACTION_ATTR_SET.  Not all
>   * fields within a header are modifiable, e.g. the IPv4 protocol and fragment
> @@ -1002,6 +1003,7 @@ enum ovs_action_attr {
>  	OVS_ACTION_ATTR_CHECK_PKT_LEN, /* Nested OVS_CHECK_PKT_LEN_ATTR_*. */
>  	OVS_ACTION_ATTR_ADD_MPLS,     /* struct ovs_action_add_mpls. */
>  	OVS_ACTION_ATTR_DEC_TTL,      /* Nested OVS_DEC_TTL_ATTR_*. */
> +	OVS_ACTION_ATTR_DROP,         /* u32 error code. */
>  
>  	__OVS_ACTION_ATTR_MAX,	      /* Nothing past this will be accepted
>  				       * from userspace. */
> diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
> index af676dcac2b4..194379d58b62 100644
> --- a/net/openvswitch/actions.c
> +++ b/net/openvswitch/actions.c
> @@ -1485,6 +1485,15 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
>  				return dec_ttl_exception_handler(dp, skb,
>  								 key, a);
>  			break;
> +
> +		case OVS_ACTION_ATTR_DROP: {
> +			enum ovs_drop_reason reason = nla_get_u32(a)
> +				? OVS_DROP_EXPLICIT_ACTION_ERROR
> +				: OVS_DROP_EXPLICIT_ACTION;
> +
> +			kfree_skb_reason(skb, reason);
> +			return 0;
> +		}
>  		}
>  
>  		if (unlikely(err)) {
> diff --git a/net/openvswitch/drop.h b/net/openvswitch/drop.h
> index cdd10629c6be..f9e9c1610f6b 100644
> --- a/net/openvswitch/drop.h
> +++ b/net/openvswitch/drop.h
> @@ -9,6 +9,8 @@
>  
>  #define OVS_DROP_REASONS(R)			\
>  	R(OVS_DROP_FLOW)		        \
> +	R(OVS_DROP_EXPLICIT_ACTION)		\
> +	R(OVS_DROP_EXPLICIT_ACTION_ERROR)	\
>  	/* deliberate comment for trailing \ */
>  
>  enum ovs_drop_reason {
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 41116361433d..244280922a14 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -38,6 +38,7 @@
>  #include <net/tun_proto.h>
>  #include <net/erspan.h>
>  
> +#include "drop.h"
>  #include "flow_netlink.h"
>  
>  struct ovs_len_tbl {
> @@ -61,6 +62,7 @@ static bool actions_may_change_flow(const struct nlattr *actions)
>  		case OVS_ACTION_ATTR_RECIRC:
>  		case OVS_ACTION_ATTR_TRUNC:
>  		case OVS_ACTION_ATTR_USERSPACE:
> +		case OVS_ACTION_ATTR_DROP:
>  			break;
>  
>  		case OVS_ACTION_ATTR_CT:
> @@ -2394,7 +2396,7 @@ static void ovs_nla_free_nested_actions(const struct nlattr *actions, int len)
>  	/* Whenever new actions are added, the need to update this
>  	 * function should be considered.
>  	 */
> -	BUILD_BUG_ON(OVS_ACTION_ATTR_MAX != 23);
> +	BUILD_BUG_ON(OVS_ACTION_ATTR_MAX != 24);
>  
>  	if (!actions)
>  		return;
> @@ -3182,6 +3184,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
>  			[OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1,
>  			[OVS_ACTION_ATTR_ADD_MPLS] = sizeof(struct ovs_action_add_mpls),
>  			[OVS_ACTION_ATTR_DEC_TTL] = (u32)-1,
> +			[OVS_ACTION_ATTR_DROP] = sizeof(u32),
>  		};
>  		const struct ovs_action_push_vlan *vlan;
>  		int type = nla_type(a);
> @@ -3453,6 +3456,9 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
>  			skip_copy = true;
>  			break;
>  
> +		case OVS_ACTION_ATTR_DROP:
> +			break;
> +

We may want to have an explicit check in this area to warn about an
action list like:

  output:1,drop(something),output:2

I see the action handling code will correctly return when we encounter
drop action, so it should stop the current skb context from being
accessed further.  But it may also be good to prevent extra actions from
being attempted in the first place.

>  		default:
>  			OVS_NLERR(log, "Unknown Action type %d", type);
>  			return -EINVAL;
> diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
> index 12ba5265b88f..61c4d7b75261 100644
> --- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
> +++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
> @@ -280,6 +280,7 @@ class ovsactions(nla):
>          ("OVS_ACTION_ATTR_CHECK_PKT_LEN", "none"),
>          ("OVS_ACTION_ATTR_ADD_MPLS", "none"),
>          ("OVS_ACTION_ATTR_DEC_TTL", "none"),
> +        ("OVS_ACTION_ATTR_DROP", "uint32"),
>      )
>  
>      class ctact(nla):
> @@ -426,6 +427,8 @@ class ovsactions(nla):
>                      print_str += "recirc(0x%x)" % int(self.get_attr(field[0]))
>                  elif field[0] == "OVS_ACTION_ATTR_TRUNC":
>                      print_str += "trunc(%d)" % int(self.get_attr(field[0]))
> +                elif field[0] == "OVS_ACTION_ATTR_DROP":
> +                    print_str += "drop"
>              elif field[1] == "flag":
>                  if field[0] == "OVS_ACTION_ATTR_CT_CLEAR":
>                      print_str += "ct_clear"

next prev parent reply	other threads:[~2023-07-24 14:47 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-22  9:42 [PATCH net-next 0/7] openvswitch: add drop reasons Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 1/7] net: openvswitch: add datapath flow drop reason Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 2/7] net: openvswitch: add explicit drop action Adrian Moreno
2023-07-24 14:47   ` Aaron Conole [this message]
2023-07-26  8:31     ` Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 3/7] net: openvswitch: add meter drop reason Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 4/7] net: openvswitch: add misc error drop reasons Adrian Moreno
2023-07-24 15:23   ` Aaron Conole
2023-07-26  8:32     ` Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 5/7] selftests: openvswitch: support key masks Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 6/7] selftests: openvswitch: add drop reason testcase Adrian Moreno
2023-07-22  9:42 ` [PATCH net-next 7/7] selftests: openvswitch: add explicit drop testcase Adrian Moreno
2023-07-24 14:49   ` Aaron Conole
2023-07-24 14:34 ` [PATCH net-next 0/7] openvswitch: add drop reasons Aaron Conole
2023-07-26  8:34   ` Adrian Moreno

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f7tcz0hl62h.fsf@redhat.com \
    --to=aconole@redhat.com \
    --cc=amorenoz@redhat.com \
    --cc=dev@openvswitch.org \
    --cc=eric@garver.life \
    --cc=i.maximets@ovn.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).