diff mbox series

[RFC,net-next,6/6,v2] net/sched: act_ct: Add tc recirc id set/del support

Message ID 1548748926-23822-7-git-send-email-paulb@mellanox.com
State RFC
Delegated to: David Miller
Headers show
Series connection tracking in tc and OVS offload | expand

Commit Message

Paul Blakey Jan. 29, 2019, 8:02 a.m. UTC 
Set or clears (free) the skb tc recirc id extension.
If used with OVS, OVS can clear this recirc id after it reads it.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
---
 include/net/tc_act/tc_ct.h        |  2 ++
 include/uapi/linux/tc_act/tc_ct.h |  2 ++
 net/sched/act_ct.c                | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+)

Comments

Marcelo Leitner Jan. 29, 2019, 6:12 p.m. UTC | #1 
On Tue, Jan 29, 2019 at 10:02:06AM +0200, Paul Blakey wrote:
> Set or clears (free) the skb tc recirc id extension.
> If used with OVS, OVS can clear this recirc id after it reads it.
> 
> Signed-off-by: Paul Blakey <paulb@mellanox.com>
> ---
>  include/net/tc_act/tc_ct.h        |  2 ++
>  include/uapi/linux/tc_act/tc_ct.h |  2 ++
>  net/sched/act_ct.c                | 18 ++++++++++++++++++
>  3 files changed, 22 insertions(+)
> 
> diff --git a/include/net/tc_act/tc_ct.h b/include/net/tc_act/tc_ct.h
> index 4a16375..6ea19d8 100644
> --- a/include/net/tc_act/tc_ct.h
> +++ b/include/net/tc_act/tc_ct.h
> @@ -16,6 +16,8 @@ struct tcf_ct {
>  	u32 mark_mask;
>  	u16 zone;
>  	bool commit;
> +	uint32_t set_recirc;
> +	bool del_recirc;
>  };
>  
>  #define to_ct(a) ((struct tcf_ct *)a)
> diff --git a/include/uapi/linux/tc_act/tc_ct.h b/include/uapi/linux/tc_act/tc_ct.h
> index 6dbd771..2279a9b 100644
> --- a/include/uapi/linux/tc_act/tc_ct.h
> +++ b/include/uapi/linux/tc_act/tc_ct.h
> @@ -14,6 +14,8 @@ struct tc_ct {
>  	__u32 labels_mask[4];
>  	__u32 mark;
>  	__u32 mark_mask;
> +	uint32_t set_recirc;
> +	bool del_recirc;
>  	bool commit;
>  };

Have you considered adding a specific action for this? Asking because
setting recirc_id can be useful outside of ct context too: decap, set
recirc_id, reclassify.

>  
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index 61155cc..7822385 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -117,6 +117,11 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
>  	u_int8_t family;
>  	bool cached;
>  
> +	if (ca->del_recirc) {
> +		skb_ext_del(skb, SKB_EXT_TC_RECIRC_ID);
> +		return ca->tcf_action;
> +	}
> +
>  	/* The conntrack module expects to be working at L3. */
>  	nh_ofs = skb_network_offset(skb);
>  	skb_pull_rcsum(skb, nh_ofs);
> @@ -243,6 +248,15 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
>  	skb_postpush_rcsum(skb, skb->data, nh_ofs);
>  
>  	spin_unlock(&ca->tcf_lock);
> +
> +	if (ca->set_recirc) {
> +		u32 recirc = ca->set_recirc;
> +		uint32_t *recircp = skb_ext_add(skb, SKB_EXT_TC_RECIRC_ID);
> +
> +		if (recircp)
> +			*recircp = recirc;
> +	}
> +
>  	return ca->tcf_action;
>  
>  drop:
> @@ -305,6 +319,8 @@ static int tcf_ct_init(struct net *net, struct nlattr *nla,
>  		ci->net = net;
>  		ci->commit = parm->commit;
>  		ci->zone = parm->zone;
> +		ci->set_recirc = parm->set_recirc;
> +		ci->del_recirc = parm->del_recirc;
>  #if !IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
>  		if (parm->mark_mask) {
>  			NL_SET_ERR_MSG_MOD(extack, "Mark not supported by kernel config");
> @@ -378,6 +394,8 @@ static inline int tcf_ct_dump(struct sk_buff *skb, struct tc_action *a,
>  	opt.mark_mask = ci->mark_mask,
>  	memcpy(opt.labels, ci->labels, sizeof(opt.labels));
>  	memcpy(opt.labels_mask, ci->labels_mask, sizeof(opt.labels_mask));
> +	opt.set_recirc = ci->set_recirc;
> +	opt.del_recirc = ci->del_recirc;
>  
>  	if (nla_put(skb, TCA_CT_PARMS, sizeof(opt), &opt))
>  		goto nla_put_failure;
> -- 
> 1.8.3.1
>
Paul Blakey Jan. 30, 2019, 8:20 a.m. UTC | #2 
On 29/01/2019 20:12, Marcelo Leitner wrote:
> On Tue, Jan 29, 2019 at 10:02:06AM +0200, Paul Blakey wrote:
>> Set or clears (free) the skb tc recirc id extension.
>> If used with OVS, OVS can clear this recirc id after it reads it.
>>
>> Signed-off-by: Paul Blakey <paulb@mellanox.com>
>> ---
>>  include/net/tc_act/tc_ct.h        |  2 ++
>>  include/uapi/linux/tc_act/tc_ct.h |  2 ++
>>  net/sched/act_ct.c                | 18 ++++++++++++++++++
>>  3 files changed, 22 insertions(+)
>>
>> diff --git a/include/net/tc_act/tc_ct.h b/include/net/tc_act/tc_ct.h
>> index 4a16375..6ea19d8 100644
>> --- a/include/net/tc_act/tc_ct.h
>> +++ b/include/net/tc_act/tc_ct.h
>> @@ -16,6 +16,8 @@ struct tcf_ct {
>>  	u32 mark_mask;
>>  	u16 zone;
>>  	bool commit;
>> +	uint32_t set_recirc;
>> +	bool del_recirc;
>>  };
>>  
>>  #define to_ct(a) ((struct tcf_ct *)a)
>> diff --git a/include/uapi/linux/tc_act/tc_ct.h b/include/uapi/linux/tc_act/tc_ct.h
>> index 6dbd771..2279a9b 100644
>> --- a/include/uapi/linux/tc_act/tc_ct.h
>> +++ b/include/uapi/linux/tc_act/tc_ct.h
>> @@ -14,6 +14,8 @@ struct tc_ct {
>>  	__u32 labels_mask[4];
>>  	__u32 mark;
>>  	__u32 mark_mask;
>> +	uint32_t set_recirc;
>> +	bool del_recirc;
>>  	bool commit;
>>  };
> 
> Have you considered adding a specific action for this? Asking because
> setting recirc_id can be useful outside of ct context too: decap, set
> recirc_id, reclassify.
> 

Yes I did, I didn't know if it was overkill, till a use case such as you
suggested arises beside CT.

One thing I'm not sure of is, who will delete the recirc id, it seems
it's freed only via skb_ext_put(skb) at skb_release_head_state()
But I might be missing a del from skb_scrub_packet like nf_reset does.

>>  
>> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
>> index 61155cc..7822385 100644
>> --- a/net/sched/act_ct.c
>> +++ b/net/sched/act_ct.c
>> @@ -117,6 +117,11 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
>>  	u_int8_t family;
>>  	bool cached;
>>  
>> +	if (ca->del_recirc) {
>> +		skb_ext_del(skb, SKB_EXT_TC_RECIRC_ID);
>> +		return ca->tcf_action;
>> +	}
>> +
>>  	/* The conntrack module expects to be working at L3. */
>>  	nh_ofs = skb_network_offset(skb);
>>  	skb_pull_rcsum(skb, nh_ofs);
>> @@ -243,6 +248,15 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
>>  	skb_postpush_rcsum(skb, skb->data, nh_ofs);
>>  
>>  	spin_unlock(&ca->tcf_lock);
>> +
>> +	if (ca->set_recirc) {
>> +		u32 recirc = ca->set_recirc;
>> +		uint32_t *recircp = skb_ext_add(skb, SKB_EXT_TC_RECIRC_ID);
>> +
>> +		if (recircp)
>> +			*recircp = recirc;
>> +	}
>> +
>>  	return ca->tcf_action;
>>  
>>  drop:
>> @@ -305,6 +319,8 @@ static int tcf_ct_init(struct net *net, struct nlattr *nla,
>>  		ci->net = net;
>>  		ci->commit = parm->commit;
>>  		ci->zone = parm->zone;
>> +		ci->set_recirc = parm->set_recirc;
>> +		ci->del_recirc = parm->del_recirc;
>>  #if !IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
>>  		if (parm->mark_mask) {
>>  			NL_SET_ERR_MSG_MOD(extack, "Mark not supported by kernel config");
>> @@ -378,6 +394,8 @@ static inline int tcf_ct_dump(struct sk_buff *skb, struct tc_action *a,
>>  	opt.mark_mask = ci->mark_mask,
>>  	memcpy(opt.labels, ci->labels, sizeof(opt.labels));
>>  	memcpy(opt.labels_mask, ci->labels_mask, sizeof(opt.labels_mask));
>> +	opt.set_recirc = ci->set_recirc;
>> +	opt.del_recirc = ci->del_recirc;
>>  
>>  	if (nla_put(skb, TCA_CT_PARMS, sizeof(opt), &opt))
>>  		goto nla_put_failure;
>> -- 
>> 1.8.3.1
>>
diff mbox series

Patch

diff --git a/include/net/tc_act/tc_ct.h b/include/net/tc_act/tc_ct.h
index 4a16375..6ea19d8 100644
--- a/include/net/tc_act/tc_ct.h
+++ b/include/net/tc_act/tc_ct.h
@@ -16,6 +16,8 @@  struct tcf_ct {
 	u32 mark_mask;
 	u16 zone;
 	bool commit;
+	uint32_t set_recirc;
+	bool del_recirc;
 };
 
 #define to_ct(a) ((struct tcf_ct *)a)
diff --git a/include/uapi/linux/tc_act/tc_ct.h b/include/uapi/linux/tc_act/tc_ct.h
index 6dbd771..2279a9b 100644
--- a/include/uapi/linux/tc_act/tc_ct.h
+++ b/include/uapi/linux/tc_act/tc_ct.h
@@ -14,6 +14,8 @@  struct tc_ct {
 	__u32 labels_mask[4];
 	__u32 mark;
 	__u32 mark_mask;
+	uint32_t set_recirc;
+	bool del_recirc;
 	bool commit;
 };
 
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 61155cc..7822385 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -117,6 +117,11 @@  static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
 	u_int8_t family;
 	bool cached;
 
+	if (ca->del_recirc) {
+		skb_ext_del(skb, SKB_EXT_TC_RECIRC_ID);
+		return ca->tcf_action;
+	}
+
 	/* The conntrack module expects to be working at L3. */
 	nh_ofs = skb_network_offset(skb);
 	skb_pull_rcsum(skb, nh_ofs);
@@ -243,6 +248,15 @@  static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
 	skb_postpush_rcsum(skb, skb->data, nh_ofs);
 
 	spin_unlock(&ca->tcf_lock);
+
+	if (ca->set_recirc) {
+		u32 recirc = ca->set_recirc;
+		uint32_t *recircp = skb_ext_add(skb, SKB_EXT_TC_RECIRC_ID);
+
+		if (recircp)
+			*recircp = recirc;
+	}
+
 	return ca->tcf_action;
 
 drop:
@@ -305,6 +319,8 @@  static int tcf_ct_init(struct net *net, struct nlattr *nla,
 		ci->net = net;
 		ci->commit = parm->commit;
 		ci->zone = parm->zone;
+		ci->set_recirc = parm->set_recirc;
+		ci->del_recirc = parm->del_recirc;
 #if !IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
 		if (parm->mark_mask) {
 			NL_SET_ERR_MSG_MOD(extack, "Mark not supported by kernel config");
@@ -378,6 +394,8 @@  static inline int tcf_ct_dump(struct sk_buff *skb, struct tc_action *a,
 	opt.mark_mask = ci->mark_mask,
 	memcpy(opt.labels, ci->labels, sizeof(opt.labels));
 	memcpy(opt.labels_mask, ci->labels_mask, sizeof(opt.labels_mask));
+	opt.set_recirc = ci->set_recirc;
+	opt.del_recirc = ci->del_recirc;
 
 	if (nla_put(skb, TCA_CT_PARMS, sizeof(opt), &opt))
 		goto nla_put_failure;