extend TC flower for matching on tunnel metadata.
Changes since v2:
- split uAPI changes and TC code in separate patches, as per David's request [2]
Changes since v1:
- fix incostintent naming in explain() and in tc-flower.8 (Asbjørn)
Changes since RFC:
- update uAPI bits to Asbjørn's most recent code [1]
- add 'tun' prefix to all flag names (Asbjørn)
- allow parsing 'enc_flags' multiple times, without clearing the match
mask every time, like happens for 'ip_flags' (Asbjørn)
- don't use "matches()" for parsing argv[] (Stephen)
- (hopefully) improve usage() printout (Asbjørn)
- update man page
[1] https://lore.kernel.org/netdev/20240709163825.1210046-1-ast@fiberby.net/
[2] https://lore.kernel.org/netdev/cc73004c-9aa8-9cd3-b46e-443c0727c34d@kernel.org/
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Expression 'ttl & ~(255 >> 0)' is always zero, because right operand
has 8 trailing zero bits, which is greater or equal than the size
of the left operand == 8 bits.
Found by RASU JSC.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There is a helper in utilities to handle missing argument,
but it was not being used consistently.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Allow adding tc filter for PFCP header.
Add support for parsing TCA_FLOWER_KEY_ENC_OPTS_PFCP.
Options are as follows: TYPE:SEID.
TYPE is a 8-bit value represented in hex and can be 1
for session header and 0 for node header. In PFCP packet
this is S flag in header.
SEID is a 64-bit session id value represented in hex.
This patch enables adding hardware filters using PFCP fields, see [1].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=d823265dd45bbf14bd67aa476057108feb4143ce
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
The function doesn't use the FILE handle.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
The pretty printing routines no longer use the file handle.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
The removal of tick usage in netem, means that some of the
helper functions in tc are no longer used and can be safely removed.
Other functions can be made static.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The current version of netem in iproute2 has a maximum of 4.3 seconds
because of scaled 32 bit clock values. Some users would like to be
able to use larger delays to emulate things like storage delays.
Since kernel version 4.15, netem qdisc had netlink parameters
to express wider range of delays in nanoseconds. But the iproute2
side was never updated to use them.
This does break compatibility with older kernels (4.14 and earlier).
With these out of support kernels, the latency/delay parameter
will end up being ignored.
Reported-by: Marc Blanchet <marc.blanchet@viagenie.ca>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The callbacks in exec_util should not be modifying underlying
qdisc operations structure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The callbacks in action_util should not be modifying underlying
qdisc operations structure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The callbacks in filter_util should not be modifying underlying
qdisc operations structure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The callbacks in qdisc_util should not be modifying underlying
qdisc operations structure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix json corruption when using the "-json" option in some cases
Signed-off-by: Takanori Hirano <me@hrntknr.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In the case of a process such as mapping a json to a structure,
it can be difficult if the keys have the same name but different types.
Since handle is used in hex string, change it to fw.
Signed-off-by: Takanori Hirano <me@hrntknr.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add assertion to check for case of snprintf failing (bad format?)
or buffer getting full.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix json corruption when using the "-json" option in cases where tc-fw is set.
Signed-off-by: Takanori Hirano <me@hrntknr.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix various typos and spelling errors in some iproute2 comments.
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If the user specifies this flag for a filter command the kernel will
return the command's result back to user space.
For example:
tc -echo filter add dev lo parent ffff: protocol ip matchall action ok
added filter dev lo parent ffff: protocol ip pref 49152 matchall chain 0
As illustrated above, the kernel will give us a pref of 491252
The same can be done for other filter commands (replace, delete, and
change). For example:
tc -echo filter del dev lo parent ffff: pref 49152 protocol ip matchall
deleted filter dev lo parent ffff: protocol ip pref 49152 matchall chain 0
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch adds the -echo flag to tc command line and support for it in
tc actions. If the user specifies this flag for an action command, the
kernel will return the command's result back to user space.
For example:
tc -echo actions add action mirred egress mirror dev lo
total acts 0
Added action
action order 1: mirred (Egress Mirror to device lo) pipe
index 10 ref 1 bind 0
not_in_hw
As illustrated above, the kernel will give us an index of 10
The same can be done for other action commands (replace, change, and
delete). For example:
tc -echo actions delete action mirred index 10
total acts 0
Deleted action
action order 1: mirred (Egress Mirror to device lo) pipe
index 10 ref 0 bind 0
not_in_hw
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
So far the mirred action has dealt with syntax that handles
mirror/redirection for netdev. A matching packet is redirected or mirrored
to a target netdev.
In this patch we enable mirred to mirror to a tc block as well.
IOW, the new syntax looks as follows:
... mirred <ingress | egress> <mirror | redirect> [index INDEX] < <blockid BLOCKID> | <dev <devname>> >
Examples of mirroring or redirecting to a tc block:
$ tc filter add block 22 protocol ip pref 25 \
flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22
$ tc filter add block 22 protocol ip pref 25 \
flower dst_ip 10.10.10.10/32 action mirred egress redirect blockid 22
Co-developed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Co-developed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
There are three places in tc which all have same code for
handling clockid (copy/paste). Move it into tc_util.c.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There is an open upstream kernel patch to remove ipt action from
kernel. This is corresponding iproute2 change.
- Remove support fot ipt and xt in tc.
- Remove no longer used header files.
- Update man pages.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Report new fields added in linux-6.7:
- fastpath : Number of packets that have used the fast path.
- band[012]_pkts : Number of packets currently queued per band.
- band[012]_drops : Counters of dropped packets, per band
(only printed if not zero)
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
The upstream kernel dropped support for ATM qdisc in
fb38306ceb9e (net/sched: Retire ATM qdisc, 2023-02-14)
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The kernel has removed support for dsmark qdisc in commit
bbe77c14ee61 (net/sched: Retire dsmark qdisc, 2023-02-14)
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Support for tcindex classifier was removed by upstream commit
8c710f75256b (net/sched: Retire tcindex classifier, 2023-02-14)
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The RSVP classifier was removed in 6.3 kernel by upstream commit
265b4da82dbf (net/sched: Retire rsvp classifier, 2023-02-14)
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
