From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Davide Caratti <dcaratti@redhat.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 5.10 79/84] net/sched: act_police: more accurate MTU policing
Date: Mon, 20 Jun 2022 14:51:42 +0200 [thread overview]
Message-ID: <20220620124723.225943635@linuxfoundation.org> (raw)
In-Reply-To: <20220620124720.882450983@linuxfoundation.org>
From: Davide Caratti <dcaratti@redhat.com>
commit 4ddc844eb81da59bfb816d8d52089aba4e59e269 upstream.
in current Linux, MTU policing does not take into account that packets at
the TC ingress have the L2 header pulled. Thus, the same TC police action
(with the same value of tcfp_mtu) behaves differently for ingress/egress.
In addition, the full GSO size is compared to tcfp_mtu: as a consequence,
the policer drops GSO packets even when individual segments have the L2 +
L3 + L4 + payload length below the configured valued of tcfp_mtu.
Improve the accuracy of MTU policing as follows:
- account for mac_len for non-GSO packets at TC ingress.
- compare MTU threshold with the segmented size for GSO packets.
Also, add a kselftest that verifies the correct behavior.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[dcaratti: fix conflicts due to lack of the following commits:
- commit 2ffe0395288a ("net/sched: act_police: add support for
packet-per-second policing")
- commit 53b61f29367d ("selftests: forwarding: Add tc-police tests for
packets per second")]
Link: https://lore.kernel.org/netdev/876d597a0ff55f6ba786f73c5a9fd9eb8d597a03.1644514748.git.dcaratti@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/act_police.c | 16 +++++-
tools/testing/selftests/net/forwarding/tc_police.sh | 52 ++++++++++++++++++++
2 files changed, 67 insertions(+), 1 deletion(-)
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -213,6 +213,20 @@ release_idr:
return err;
}
+static bool tcf_police_mtu_check(struct sk_buff *skb, u32 limit)
+{
+ u32 len;
+
+ if (skb_is_gso(skb))
+ return skb_gso_validate_mac_len(skb, limit);
+
+ len = qdisc_pkt_len(skb);
+ if (skb_at_tc_ingress(skb))
+ len += skb->mac_len;
+
+ return len <= limit;
+}
+
static int tcf_police_act(struct sk_buff *skb, const struct tc_action *a,
struct tcf_result *res)
{
@@ -235,7 +249,7 @@ static int tcf_police_act(struct sk_buff
goto inc_overlimits;
}
- if (qdisc_pkt_len(skb) <= p->tcfp_mtu) {
+ if (tcf_police_mtu_check(skb, p->tcfp_mtu)) {
if (!p->rate_present) {
ret = p->tcfp_result;
goto end;
--- a/tools/testing/selftests/net/forwarding/tc_police.sh
+++ b/tools/testing/selftests/net/forwarding/tc_police.sh
@@ -35,6 +35,8 @@ ALL_TESTS="
police_shared_test
police_rx_mirror_test
police_tx_mirror_test
+ police_mtu_rx_test
+ police_mtu_tx_test
"
NUM_NETIFS=6
source tc_common.sh
@@ -290,6 +292,56 @@ police_tx_mirror_test()
police_mirror_common_test $rp2 egress "police tx and mirror"
}
+police_mtu_common_test() {
+ RET=0
+
+ local test_name=$1; shift
+ local dev=$1; shift
+ local direction=$1; shift
+
+ tc filter add dev $dev $direction protocol ip pref 1 handle 101 flower \
+ dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
+ action police mtu 1042 conform-exceed drop/ok
+
+ # to count "conform" packets
+ tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
+ dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
+ action drop
+
+ mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp sp=12345,dp=54321 -p 1001 -c 10 -q
+
+ mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp sp=12345,dp=54321 -p 1000 -c 3 -q
+
+ tc_check_packets "dev $dev $direction" 101 13
+ check_err $? "wrong packet counter"
+
+ # "exceed" packets
+ local overlimits_t0=$(tc_rule_stats_get ${dev} 1 ${direction} .overlimits)
+ test ${overlimits_t0} = 10
+ check_err $? "wrong overlimits, expected 10 got ${overlimits_t0}"
+
+ # "conform" packets
+ tc_check_packets "dev $h2 ingress" 101 3
+ check_err $? "forwarding error"
+
+ tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
+ tc filter del dev $dev $direction protocol ip pref 1 handle 101 flower
+
+ log_test "$test_name"
+}
+
+police_mtu_rx_test()
+{
+ police_mtu_common_test "police mtu (rx)" $rp1 ingress
+}
+
+police_mtu_tx_test()
+{
+ police_mtu_common_test "police mtu (tx)" $rp2 egress
+}
+
setup_prepare()
{
h1=${NETIFS[p1]}
next prev parent reply other threads:[~2022-06-20 13:11 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-20 12:50 [PATCH 5.10 00/84] 5.10.124-rc1 review Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 01/84] 9p: missing chunk of "fs/9p: Dont update file type when updating file attributes" Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 02/84] nfsd: Replace use of rwsem with errseq_t Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 03/84] bpf: Fix incorrect memory charge cost calculation in stack_map_alloc() Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 04/84] arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 05/84] powerpc/kasan: Silence KASAN warnings in __get_wchan() Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 06/84] ASoC: nau8822: Add operation for internal PLL off and on Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 07/84] dma-debug: make things less spammy under memory pressure Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 08/84] ASoC: cs42l52: Fix TLV scales for mixer controls Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 09/84] ASoC: cs35l36: Update digital volume TLV Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 10/84] ASoC: cs53l30: Correct number of volume levels on SX controls Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 11/84] ASoC: cs42l52: Correct TLV for Bypass Volume Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 12/84] ASoC: cs42l56: Correct typo in minimum level for SX volume controls Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 13/84] ASoC: cs42l51: Correct minimum value for SX volume control Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 14/84] ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 15/84] quota: Prevent memory allocation recursion while holding dq_lock Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 16/84] ASoC: wm8962: Fix suspend while playing music Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 17/84] ASoC: es8328: Fix event generation for deemphasis control Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 18/84] ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 19/84] Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 20/84] scsi: vmw_pvscsi: Expand vcpuHint to 16 bits Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 21/84] scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 22/84] scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 23/84] scsi: ipr: Fix missing/incorrect resource cleanup in error case Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 24/84] scsi: pmcraid: Fix missing " Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 25/84] ALSA: hda/realtek - Add HW8326 support Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 26/84] virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 27/84] nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 28/84] ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 29/84] net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 30/84] mellanox: mlx5: avoid uninitialized variable warning with gcc-12 Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 31/84] netfs: gcc-12: temporarily disable -Wattribute-warning for now Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 32/84] MIPS: Loongson-3: fix compile mips cpu_hwmon as module build error Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 33/84] gpio: dwapb: Dont print error on -EPROBE_DEFER Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 34/84] random: credit cpu and bootloader seeds by default Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 35/84] pNFS: Dont keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE Greg Kroah-Hartman
2022-06-20 12:50 ` [PATCH 5.10 36/84] pNFS: Avoid a live lock condition in pnfs_update_layout() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 37/84] clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 38/84] i40e: Fix adding ADQ filter to TC0 Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 39/84] i40e: Fix calculating the number of queue pairs Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 40/84] i40e: Fix call trace in setup_tx_descriptors Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 41/84] Drivers: hv: vmbus: Release cpu lock in error case Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 42/84] tty: goldfish: Fix free_irq() on remove Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 43/84] misc: atmel-ssc: Fix IRQ check in ssc_probe Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 44/84] drm/i915/reset: Fix error_state_read ptr + offset use Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 45/84] nvme: use sysfs_emit instead of sprintf Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 46/84] nvme: add device name to warning in uuid_show() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 47/84] mlxsw: spectrum_cnt: Reorder counter pools Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 48/84] net: bgmac: Fix an erroneous kfree() in bgmac_remove() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 49/84] net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 50/84] arm64: ftrace: fix branch range checks Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 51/84] arm64: ftrace: consistently handle PLTs Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 52/84] certs/blacklist_hashes.c: fix const confusion in certs blacklist Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 53/84] block: Fix handling of offline queues in blk_mq_alloc_request_hctx() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 54/84] faddr2line: Fix overlapping text section failures, the sequel Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 55/84] i2c: npcm7xx: Add check for platform_driver_register Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 56/84] irqchip/gic/realview: Fix refcount leak in realview_gic_of_init Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 57/84] irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 58/84] irqchip/gic-v3: Fix refcount leak " Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 59/84] i2c: designware: Use standard optional ref clock implementation Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 60/84] mei: me: add raptor lake point S DID Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 61/84] comedi: vmk80xx: fix expression for tx buffer size Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 62/84] crypto: memneq - move into lib/ Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 63/84] USB: serial: option: add support for Cinterion MV31 with new baseline Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 64/84] USB: serial: io_ti: add Agilent E5805A support Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 65/84] usb: dwc2: Fix memory leak in dwc2_hcd_init Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 66/84] usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 67/84] serial: 8250: Store to lsr_save_flags after lsr read Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 68/84] dm mirror log: round up region bitmap size to BITS_PER_LONG Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 69/84] drm/amd/display: Cap OLED brightness per max frame-average luminance Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 70/84] ext4: fix bug_on ext4_mb_use_inode_pa Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 71/84] ext4: make variable "count" signed Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 72/84] ext4: add reserved GDT blocks check Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 73/84] KVM: arm64: Dont read a HW interrupt pending state in user context Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 74/84] KVM: x86: Account a variety of miscellaneous allocations Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 75/84] KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 76/84] ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 77/84] virtio-pci: Remove wrong address verification in vp_del_vqs() Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 78/84] dma-direct: dont over-decrypt memory Greg Kroah-Hartman
2022-06-20 12:51 ` Greg Kroah-Hartman [this message]
2022-06-20 12:51 ` [PATCH 5.10 80/84] net: openvswitch: fix misuse of the cached connection on tuple changes Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 81/84] Revert "PCI: Make pci_enable_ptm() private" Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 82/84] igc: Enable PCIe PTM Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 83/84] powerpc/book3e: get rid of #include <generated/compile.h> Greg Kroah-Hartman
2022-06-20 12:51 ` [PATCH 5.10 84/84] clk: imx8mp: fix usb_root_clk parent Greg Kroah-Hartman
2022-06-20 17:31 ` [PATCH 5.10 00/84] 5.10.124-rc1 review Florian Fainelli
2022-06-20 20:30 ` Pavel Machek
2022-06-20 21:29 ` Fox Chen
2022-06-21 0:46 ` Guenter Roeck
2022-06-21 2:12 ` Samuel Zou
2022-06-21 8:38 ` Naresh Kamboju
2022-06-21 9:36 ` Sudip Mukherjee
2022-06-21 9:58 ` Jon Hunter
2022-06-21 21:48 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220620124723.225943635@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dcaratti@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox