setting meta priority to select link vlan qos 802.1q priority via egress map

setting meta priority to select link vlan qos 802.1q priority via egress map

[Brad Pousland]

I am trying to control the vlan qos priority of a link by using an
egress qos map on the vlan link and setting the packet priority using
an nftables rule.

I have a vlan link defined with an egress map from 3 packet priorities
to 3 vlan qos priorities as follows:

30: eth0.2@enx00e07cc8db5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc noqueue state UP mode DEFAULT group default
    link/ether 00:e0:7c:c8:db:5b brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 2 <REORDER_HDR>
      egress-qos-map { 0:3 1:2 2:6 } addrgenmode eui64

As a test I am using a simple rule to set the packet priority of any
packet from the vlan address:

table ip mangle {
     chain postrouting {
          type filter hook postrouting priority 0; policy accept;
          ip saddr 192.168.1.62 meta priority set 0200: counter
packets 0 bytes 0
     }
}

I then send packets from eth0.2 and inspect the packets from the
physical parent device. The QOS field is always set to 3 as if the
priority was never modified on the outgoing packet by the rule, even
though the rule counter shows the rule was invoked.

Does anyone know if the "meta priority set" can be used for this
purpose?  I  could give up and use tc for vlan priority control but
that seems overkill since I don't have complex traffic shaping
requirements.

Thanks,
Brad

Re: setting meta priority to select link vlan qos 802.1q priority via egress map

[Brad Pousland]

It appears to be a bug with the nftables userspace utility nft. I
wrote a program to decode nftables rules and found the nft utility is
trying to fill the BPF data register with the priority value in
big-endian format.  If I hack it to use little-endian format for the
meta value, the skb->priority is set appropriately.

Brad



Brad Pousland
Principle Software Engineer
WigWag, Inc.
c - 512-963-2446
www.wigwag.com



On Tue, Apr 12, 2016 at 12:13 PM, Brad Pousland <bpousland@izuma.net> wrote:
> I am trying to control the vlan qos priority of a link by using an
> egress qos map on the vlan link and setting the packet priority using
> an nftables rule.
>
> I have a vlan link defined with an egress map from 3 packet priorities
> to 3 vlan qos priorities as follows:
>
> 30: eth0.2@enx00e07cc8db5b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
> qdisc noqueue state UP mode DEFAULT group default
>     link/ether 00:e0:7c:c8:db:5b brd ff:ff:ff:ff:ff:ff promiscuity 0
>     vlan protocol 802.1Q id 2 <REORDER_HDR>
>       egress-qos-map { 0:3 1:2 2:6 } addrgenmode eui64
>
> As a test I am using a simple rule to set the packet priority of any
> packet from the vlan address:
>
> table ip mangle {
>      chain postrouting {
>           type filter hook postrouting priority 0; policy accept;
>           ip saddr 192.168.1.62 meta priority set 0200: counter
> packets 0 bytes 0
>      }
> }
>
> I then send packets from eth0.2 and inspect the packets from the
> physical parent device. The QOS field is always set to 3 as if the
> priority was never modified on the outgoing packet by the rule, even
> though the rule counter shows the rule was invoked.
>
> Does anyone know if the "meta priority set" can be used for this
> purpose?  I  could give up and use tc for vlan priority control but
> that seems overkill since I don't have complex traffic shaping
> requirements.
>
> Thanks,
> Brad

Re: setting meta priority to select link vlan qos 802.1q priority via egress map

[Pablo Neira Ayuso]

On Wed, May 11, 2016 at 03:07:42PM -0500, Brad Pousland wrote:
> It appears to be a bug with the nftables userspace utility nft. I
> wrote a program to decode nftables rules and found the nft utility is
> trying to fill the BPF data register with the priority value in
> big-endian format.  If I hack it to use little-endian format for the
> meta value, the skb->priority is set appropriately.

Could you pass your hack so we can have a look?

Thanks!

Re: setting meta priority to select link vlan qos 802.1q priority via egress map

[Brad Pousland]

Decidedly not and endian issue.  It appears the the bison parser is
not allowing the colon to specify the min:max priority so this hack
allowed me to set the priority by specifying the 32-bit value:

nft add rule mangle postrouting ip protocol 6 tcp dport 22 meta
priority set 40000000 counter

diff --git a/src/meta.c b/src/meta.c
index bfc1258..60231ce 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -108,10 +108,10 @@ static struct error_record
*tchandle_type_parse(const struct expr *sym,
        } else {
                uint32_t min, max;

-               if (sscanf(sym->identifier, "%04x:%04x", &min, &max) < 0)
+               if (sscanf(sym->identifier, "%08x", &max) < 0)
                        goto err;

-               handle = max << 16 | min;
+               handle = max;// << 16 | min;
        }
        *res = constant_expr_alloc(&sym->location, sym->dtype,
                                   BYTEORDER_HOST_ENDIAN,


Brad Pousland
Principle Software Engineer
WigWag, Inc.
c - 512-963-2446
www.wigwag.com



On Wed, May 11, 2016 at 3:49 PM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Wed, May 11, 2016 at 03:07:42PM -0500, Brad Pousland wrote:
>> It appears to be a bug with the nftables userspace utility nft. I
>> wrote a program to decode nftables rules and found the nft utility is
>> trying to fill the BPF data register with the priority value in
>> big-endian format.  If I hack it to use little-endian format for the
>> meta value, the skb->priority is set appropriately.
>
> Could you pass your hack so we can have a look?
>
> Thanks!