提交 408fbc22 编写于 作者: J Jamal Hadi Salim 提交者: David S. Miller

net sched ife action: Introduce skb tcindex metadata encap decap

Sample use case of how this is encoded:
user space via tuntap (or a connected VM/Machine/container)
encodes the tcindex TLV.

Sample use case of decoding:
IFE action decodes it and the skb->tc_index is then used to classify.
So something like this for encoded ICMP packets:

.. first decode then reclassify... skb->tcindex will be set
sudo $TC filter add dev $ETH parent ffff: prio 2 protocol 0xbeef \
u32 match u32 0 0 flowid 1:1 \
action ife decode reclassify

...next match the decode icmp packet...
sudo $TC filter add dev $ETH parent ffff: prio 4 protocol ip \
u32 match ip protocol 1 0xff flowid 1:1 \
action continue

... last classify it using the tcindex classifier and do someaction..
sudo $TC filter add dev $ETH parent ffff: prio 5 protocol ip \
handle 0x11 tcindex classid 1:1 \
action blah..
Signed-off-by: NJamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 6a5d58b6
......@@ -32,8 +32,9 @@ enum {
#define IFE_META_HASHID 2
#define IFE_META_PRIO 3
#define IFE_META_QMAP 4
#define IFE_META_TCINDEX 5
/*Can be overridden at runtime by module option*/
#define __IFE_META_MAX 5
#define __IFE_META_MAX 6
#define IFE_META_MAX (__IFE_META_MAX - 1)
#endif
......@@ -793,6 +793,11 @@ config NET_IFE_SKBPRIO
depends on NET_ACT_IFE
---help---
config NET_IFE_SKBTCINDEX
tristate "Support to encoding decoding skb tcindex on IFE action"
depends on NET_ACT_IFE
---help---
config NET_CLS_IND
bool "Incoming device classification"
depends on NET_CLS_U32 || NET_CLS_FW
......
......@@ -23,6 +23,7 @@ obj-$(CONFIG_NET_ACT_SKBMOD) += act_skbmod.o
obj-$(CONFIG_NET_ACT_IFE) += act_ife.o
obj-$(CONFIG_NET_IFE_SKBMARK) += act_meta_mark.o
obj-$(CONFIG_NET_IFE_SKBPRIO) += act_meta_skbprio.o
obj-$(CONFIG_NET_IFE_SKBTCINDEX) += act_meta_skbtcindex.o
obj-$(CONFIG_NET_ACT_TUNNEL_KEY)+= act_tunnel_key.o
obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o
obj-$(CONFIG_NET_SCH_CBQ) += sch_cbq.o
......
/*
* net/sched/act_meta_tc_index.c IFE skb->tc_index metadata module
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
* copyright Jamal Hadi Salim (2016)
*
*/
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/errno.h>
#include <linux/skbuff.h>
#include <linux/rtnetlink.h>
#include <linux/module.h>
#include <linux/init.h>
#include <net/netlink.h>
#include <net/pkt_sched.h>
#include <uapi/linux/tc_act/tc_ife.h>
#include <net/tc_act/tc_ife.h>
#include <linux/rtnetlink.h>
static int skbtcindex_encode(struct sk_buff *skb, void *skbdata,
struct tcf_meta_info *e)
{
u32 ifetc_index = skb->tc_index;
return ife_encode_meta_u16(ifetc_index, skbdata, e);
}
static int skbtcindex_decode(struct sk_buff *skb, void *data, u16 len)
{
u16 ifetc_index = *(u16 *)data;
skb->tc_index = ntohs(ifetc_index);
return 0;
}
static int skbtcindex_check(struct sk_buff *skb, struct tcf_meta_info *e)
{
return ife_check_meta_u16(skb->tc_index, e);
}
static struct tcf_meta_ops ife_skbtcindex_ops = {
.metaid = IFE_META_TCINDEX,
.metatype = NLA_U16,
.name = "tc_index",
.synopsis = "skb tc_index 16 bit metadata",
.check_presence = skbtcindex_check,
.encode = skbtcindex_encode,
.decode = skbtcindex_decode,
.get = ife_get_meta_u16,
.alloc = ife_alloc_meta_u16,
.release = ife_release_meta_gen,
.validate = ife_validate_meta_u16,
.owner = THIS_MODULE,
};
static int __init ifetc_index_init_module(void)
{
return register_ife_op(&ife_skbtcindex_ops);
}
static void __exit ifetc_index_cleanup_module(void)
{
unregister_ife_op(&ife_skbtcindex_ops);
}
module_init(ifetc_index_init_module);
module_exit(ifetc_index_cleanup_module);
MODULE_AUTHOR("Jamal Hadi Salim(2016)");
MODULE_DESCRIPTION("Inter-FE skb tc_index metadata module");
MODULE_LICENSE("GPL");
MODULE_ALIAS_IFE_META(IFE_META_SKBTCINDEX);
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册