From patchwork Tue Jun 2 13:50:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 1302468 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=g+ML++bV; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49btkb3QGZz9sSc for ; Tue, 2 Jun 2020 23:51:51 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 296AB864EF; Tue, 2 Jun 2020 13:51:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aLoVPBwUMCvm; Tue, 2 Jun 2020 13:51:47 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id E3BCF86422; Tue, 2 Jun 2020 13:51:45 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id D721DC0178; Tue, 2 Jun 2020 13:51:45 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id CE39CC016E for ; Tue, 2 Jun 2020 13:51:44 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id BB9B78779F for ; Tue, 2 Jun 2020 13:51:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hy-dZkg1JeDG for ; Tue, 2 Jun 2020 13:51:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pj1-f66.google.com (mail-pj1-f66.google.com [209.85.216.66]) by whitealder.osuosl.org (Postfix) with ESMTPS id 93E7A87773 for ; Tue, 2 Jun 2020 13:51:43 +0000 (UTC) Received: by mail-pj1-f66.google.com with SMTP id i12so1389060pju.3 for ; Tue, 02 Jun 2020 06:51:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nX3RecM2aF+SUX4r0TRZRzi8c7lVhmj7QNstVaRVQpY=; b=g+ML++bVavehLkcPW84qV1CY+rXPDBTVtxKHFDdblDBIiCW+Md+L8G0qqW1bap7OYc fh7W8rQwh0fwbPDHL6WMn1Abcefnh8W3rtR35Riye0bb5JNToSkbkDGZ+qVUd7XkVKpG svn8yX9sfX+DdVL8iYpuYLNXhEmTzbRqfUWf+VgXUIX3fzL81hf+jBEkaPW2fDPd/tNn tqdXteCjwl4k1xmxDca1HA28X2VZUX/j3ptGTn4VAq/qah/nsi6J8MCBNoRRiVg7/QSc +b9+R6W10gYZCQ2Imyd5wwgVo/tctSXEh5cvVABJY4YCNHlNSrgngnLakgFeoRu6u1Q5 m9YA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nX3RecM2aF+SUX4r0TRZRzi8c7lVhmj7QNstVaRVQpY=; b=BT3u5PIeHdMF3AKteUSWEzd+BvisnWDV6wE9siGXwmwakvJQA/0wgzHdaEG95PA7Fg UFVip+tGLzd2O23xkozc8X1/KrAM01uP9U5InfNv2GAOISKTy4CEngaAuxzZhdPzRv4v aGxn/vU7yoox0tBFIAvDrFeSRri3e7gibv2SldCm0N1pj1TZUcsyJE+3y7ySyCOoAAmX hcbVvjQCeBDwHLILEGo9H0XifOCc+3HYgRD7ivWbNrh+Bs2bjG4H+TQfXSmB0XFl4BVT dHZqwNzXoKuoqx6lqZn2fUJM6xP0FjRvLcLZ959ZyawXisN8YCl7kV6DDmL79nhYgIsE Y+8A== X-Gm-Message-State: AOAM531/x0Q0lysxqoA5HX6eQjN0WkSRRjE1MbhT/ZAAk4U2I9fIal6v 1qJ17tjUDTXOv/7m0wHgPezc+yf4cCzhPQ== X-Google-Smtp-Source: ABdhPJza+cDwagBW/MvJlMrn8y9chYbKyl/ot9nznBLtOSMLQfhWNo6rUNfH7pAAmCB4w8/Qx+QeWw== X-Received: by 2002:a17:90a:36af:: with SMTP id t44mr5912465pjb.49.1591105903061; Tue, 02 Jun 2020 06:51:43 -0700 (PDT) Received: from localhost.localdomain ([203.100.54.194]) by smtp.gmail.com with ESMTPSA id h21sm2514622pjz.6.2020.06.02.06.51.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jun 2020 06:51:42 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: dev@openvswitch.org Date: Tue, 2 Jun 2020 21:50:22 +0800 Message-Id: <20200602135025.20704-2-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> References: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> Cc: simon.horman@netronome.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH v2 1/4] dpif-netlink: Generate ufids for installing TC flowers X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Tonghao Zhang To support installing the TC flowers to HW, via "ovs-appctl dpctl/add-flow" command, there should be an ufid. This patch will check whether ufid exists, if not, generate an ufid. Should to know that when processing upcall packets, ufid is generated in parse_odp_packet for kernel datapath. Configuring the max-idle/max-revalidator, may help testing this patch. Cc: Simon Horman Cc: Paul Blakey Cc: Roi Dayan Cc: Ben Pfaff Cc: William Tu Cc: Ilya Maximets Signed-off-by: Tonghao Zhang Acked-by: Roi Dayan --- lib/dpif-netlink.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index dc642100fc58..a19ed7e53566 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -2231,12 +2231,55 @@ dpif_netlink_operate_chunks(struct dpif_netlink *dpif, struct dpif_op **ops, } } +static void +dpif_netlink_try_update_ufid__(struct dpif_op *op, ovs_u128 *ufid) +{ + switch (op->type) { + case DPIF_OP_FLOW_PUT: + if (!op->flow_put.ufid) { + odp_flow_key_hash(op->flow_put.key, op->flow_put.key_len, + ufid); + op->flow_put.ufid = ufid; + } + break; + case DPIF_OP_FLOW_DEL: + if (!op->flow_del.ufid) { + odp_flow_key_hash(op->flow_del.key, op->flow_del.key_len, + ufid); + op->flow_del.ufid = ufid; + } + break; + case DPIF_OP_FLOW_GET: + if (!op->flow_get.ufid) { + odp_flow_key_hash(op->flow_get.key, op->flow_get.key_len, + ufid); + op->flow_get.ufid = ufid; + } + break; + case DPIF_OP_EXECUTE: + default: + break; + } +} + +static void +dpif_netlink_try_update_ufid(struct dpif_op **ops, ovs_u128 *ufid, + size_t n_ops) +{ + int i; + + for (i = 0; i < n_ops; i++) { + dpif_netlink_try_update_ufid__(ops[i], &ufid[i]); + } +} + static void dpif_netlink_operate(struct dpif *dpif_, struct dpif_op **ops, size_t n_ops, enum dpif_offload_type offload_type) { struct dpif_netlink *dpif = dpif_netlink_cast(dpif_); struct dpif_op *new_ops[OPERATE_MAX_OPS]; + ovs_u128 ufids[OPERATE_MAX_OPS]; int count = 0; int i = 0; int err = 0; @@ -2246,6 +2289,8 @@ dpif_netlink_operate(struct dpif *dpif_, struct dpif_op **ops, size_t n_ops, return; } + dpif_netlink_try_update_ufid(ops, ufids, n_ops); + if (offload_type != DPIF_OFFLOAD_NEVER && netdev_is_flow_api_enabled()) { while (n_ops > 0) { count = 0; From patchwork Tue Jun 2 13:50:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 1302469 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=JvL1Z53G; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49btkb4LzNz9sSd for ; Tue, 2 Jun 2020 23:51:51 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 84700883C0; Tue, 2 Jun 2020 13:51:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yL3Cb-tWDnNP; Tue, 2 Jun 2020 13:51:48 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 9CA5A883A4; Tue, 2 Jun 2020 13:51:48 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8462FC0178; Tue, 2 Jun 2020 13:51:48 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5B288C016E for ; Tue, 2 Jun 2020 13:51:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 57A3887482 for ; Tue, 2 Jun 2020 13:51:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4d6tdRmeU+cF for ; Tue, 2 Jun 2020 13:51:46 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pj1-f67.google.com (mail-pj1-f67.google.com [209.85.216.67]) by whitealder.osuosl.org (Postfix) with ESMTPS id C2103877E1 for ; Tue, 2 Jun 2020 13:51:46 +0000 (UTC) Received: by mail-pj1-f67.google.com with SMTP id k2so1393387pjs.2 for ; Tue, 02 Jun 2020 06:51:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cd1fbrRwKQ8oECp9PvwUDQCezS6PuomjvxnEMHDe9PQ=; b=JvL1Z53G64b4h6ZQ5mdhEYWv7SleCLftXU+GB3sYh910wBx2FJaNrMSGUqPKrUDIe+ RVIfght/CKfbgdoM5LxApqHtkdxWx80nty0Yx8kutAjXNbD1CO6kMSRjTN+FConf8o8p rXJPHV9fyvVPZyIkncDJbmCRhl5reKepmPHWf/S/G7zqO734ZuYTlLAYZW7shTnx6Fu8 WxC5MBETO+Zk2qQNamQJz5WHbCFpFH6BlLBj+vViZ33OtvaUaYrLRlxe48b+NCEq2Cz0 w8uk+RihpXSW1qxQJrADg7TPRawvCI6P/WJSEPE10uXc92R7tCX/SEtZ9BrKxeUMXGMK g9KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cd1fbrRwKQ8oECp9PvwUDQCezS6PuomjvxnEMHDe9PQ=; b=iC15na5e+nIWvIr6BROGhVbw8nBMbQkcL0961AfbcHIss1y7d3Gzn4T3PuAWBr6uex FqkCm/eI81sajT08elX5ypM3JcgTEkhzHgB0Ec9GMEdulq960lYnRJFtftdFHt232tS3 j5VXaUGPCN41azZ4r5ZIM08nZExMpCLieiBAxDq7Z4W1rq+e141qYGNGTqjZ3uYqMbgQ 1iRkChugUWC+DqI7aTeeczz2GrVKkOPBP5k4SWVK67QePsCNmSnW5QeoddoQG4N2N6OP VUbWUHfbfhhuytxX+dt6NCK0PQ0VSv0VxAHypjx3In4xJR4JeP8dnXc1hFfhSaW7K4og wzAQ== X-Gm-Message-State: AOAM530BJFmC6C4/Yo6vKyUET1CQLjV9Mzo0/tJWM54lgWt4bMZTmAyr CILXUUtHKj9z0+eMSrVXpvopSpxCri+g1Q== X-Google-Smtp-Source: ABdhPJwXvyWqZTM+5Yd/6nD3kmy5oFg5mjINmP5T6raOqtfwJkE1/fEYJXSKvoZG9esSOaNi+QpmMQ== X-Received: by 2002:a17:90a:881:: with SMTP id v1mr5774607pjc.227.1591105906286; Tue, 02 Jun 2020 06:51:46 -0700 (PDT) Received: from localhost.localdomain ([203.100.54.194]) by smtp.gmail.com with ESMTPSA id h21sm2514622pjz.6.2020.06.02.06.51.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jun 2020 06:51:45 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: dev@openvswitch.org Date: Tue, 2 Jun 2020 21:50:23 +0800 Message-Id: <20200602135025.20704-3-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> References: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> Cc: simon.horman@netronome.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH v2 2/4] netdev-offload-tc: Use ipv6_addr_is_set instead of is_all_zeros X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Tonghao Zhang Not bugfix, make the codes more readable. Cc: Simon Horman Cc: Paul Blakey Cc: Roi Dayan Cc: Ben Pfaff Cc: William Tu Cc: Ilya Maximets Signed-off-by: Tonghao Zhang Acked-by: Roi Dayan --- lib/netdev-offload-tc.c | 6 ++---- lib/tc.c | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index 875ebef71941..9b7c74aae887 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -734,13 +734,11 @@ parse_tc_flower_to_match(struct tc_flower *flower, nl_msg_put_be32(buf, OVS_TUNNEL_KEY_ATTR_IPV4_DST, action->encap.ipv4.ipv4_dst); } - if (!is_all_zeros(&action->encap.ipv6.ipv6_src, - sizeof action->encap.ipv6.ipv6_src)) { + if (ipv6_addr_is_set(&action->encap.ipv6.ipv6_src)) { nl_msg_put_in6_addr(buf, OVS_TUNNEL_KEY_ATTR_IPV6_SRC, &action->encap.ipv6.ipv6_src); } - if (!is_all_zeros(&action->encap.ipv6.ipv6_dst, - sizeof action->encap.ipv6.ipv6_dst)) { + if (ipv6_addr_is_set(&action->encap.ipv6.ipv6_dst)) { nl_msg_put_in6_addr(buf, OVS_TUNNEL_KEY_ATTR_IPV6_DST, &action->encap.ipv6.ipv6_dst); } diff --git a/lib/tc.c b/lib/tc.c index 12af0192b614..a6297445ca33 100644 --- a/lib/tc.c +++ b/lib/tc.c @@ -2038,7 +2038,7 @@ nl_msg_put_act_tunnel_key_set(struct ofpbuf *request, bool id_present, if (ipv4_dst) { nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_SRC, ipv4_src); nl_msg_put_be32(request, TCA_TUNNEL_KEY_ENC_IPV4_DST, ipv4_dst); - } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { + } else if (ipv6_addr_is_set(ipv6_dst)) { nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_DST, ipv6_dst); nl_msg_put_in6_addr(request, TCA_TUNNEL_KEY_ENC_IPV6_SRC, @@ -2135,12 +2135,10 @@ nl_msg_put_act_ct(struct ofpbuf *request, struct tc_action *action) action->ct.range.ipv4.max); } } else if (action->ct.range.ip_family == AF_INET6) { - size_t ipv6_sz = sizeof(action->ct.range.ipv6.max); nl_msg_put_in6_addr(request, TCA_CT_NAT_IPV6_MIN, &action->ct.range.ipv6.min); - if (!is_all_zeros(&action->ct.range.ipv6.max, - ipv6_sz)) { + if (ipv6_addr_is_set(&action->ct.range.ipv6.max)) { nl_msg_put_in6_addr(request, TCA_CT_NAT_IPV6_MAX, &action->ct.range.ipv6.max); } From patchwork Tue Jun 2 13:50:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 1302470 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=sIkvO8BM; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49btks0cjxz9sSf for ; Tue, 2 Jun 2020 23:52:04 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 1AE5687A3A; Tue, 2 Jun 2020 13:52:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XOB7UdPRQ+GL; Tue, 2 Jun 2020 13:51:56 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by hemlock.osuosl.org (Postfix) with ESMTP id 64C4587ED1; Tue, 2 Jun 2020 13:51:56 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 53166C0178; Tue, 2 Jun 2020 13:51:56 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 55661C0178 for ; Tue, 2 Jun 2020 13:51:54 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 4E98C87831 for ; Tue, 2 Jun 2020 13:51:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybmBj6-Y74g6 for ; Tue, 2 Jun 2020 13:51:50 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by whitealder.osuosl.org (Postfix) with ESMTPS id 59EED8779F for ; Tue, 2 Jun 2020 13:51:50 +0000 (UTC) Received: by mail-pf1-f193.google.com with SMTP id a127so3045588pfa.12 for ; Tue, 02 Jun 2020 06:51:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uTVJx/3WtCJyqQ5+2j4OV6iCkJVgoHPI1sUSStkKmLE=; b=sIkvO8BMPXZqQwDSJWGBm92LWOfF1HcpKLxqBdkyN+MYDDETbsTJcPEyV+waf3q/7h TBlsP96oFZMnhhfa25Vhg72kA2jEENhj2GBIVB2EbvIzayfAP1McEvmOz+O33Sz8wdwD B0L7szP9UJy/puASu6Y6Lk3Wbu0zdKu+wv9fUCvXwGp97Nqg3N59Lfe7yZmpRXKQpNIE o4FkHSdJMzTUkHusdxlAgWzcf0oZGNp6vHT6d6tDWe3/1qch5ONXa6isOmVFjts1YDnS ly3AudQbyrR/EK9jdvpPAmdnlo1gEBL5RbTGsgdEjfr8iZGNnuoFP8RE2sXKq0QImqjs ikwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uTVJx/3WtCJyqQ5+2j4OV6iCkJVgoHPI1sUSStkKmLE=; b=tVqpYcjHrhz0EvYOWirVgYx163Q9N/CNuJLslNjzI7e0NMPVWqaXGC9XwxEgZp5YsM WdxN62zk+C4nDsXD1ayLA5AU+riOZvSChem7EuMIi94OaDmHhG6rU9F3fDDzwak6Lhgc usYeVA7QE3xHMcwOaxYl+GF4YVK3gg0F+J6020a/sP2Ei5ex3gQ3wTrGtVqQP8dDDX2O Avxerml5/dvCCapQdr2EQHxctwTJi9YWTEwH38niIeBoFi5GZPyQpf75CZSzmsBZsGwZ 8y94AR+cCIH/WmsmOkzPB2BjlD2vftmRIdP1se06BsszWfbgCi06V64cY9dxCSfDLefk MbcQ== X-Gm-Message-State: AOAM531hqwYEHczIFDPd4RRk8noEQH+VBFuANHIhbKMOlVVp89W0Ufqs d195KdHRno/KXj664Uqv7ywevVsUrRwDMg== X-Google-Smtp-Source: ABdhPJzNOSE9kaIq5i4bGiJLywJ50x8ijpnEX2JJGQeNXYgK/dhVDeSF7apChJMl25RaXxDL0ft9Zw== X-Received: by 2002:a63:f14a:: with SMTP id o10mr24965358pgk.216.1591105909576; Tue, 02 Jun 2020 06:51:49 -0700 (PDT) Received: from localhost.localdomain ([203.100.54.194]) by smtp.gmail.com with ESMTPSA id h21sm2514622pjz.6.2020.06.02.06.51.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jun 2020 06:51:48 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: dev@openvswitch.org Date: Tue, 2 Jun 2020 21:50:24 +0800 Message-Id: <20200602135025.20704-4-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> References: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> MIME-Version: 1.0 Cc: simon.horman@netronome.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH v2 3/4] netdev-offload-tc: Allow to match the IP and port mask of tunnel X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Tonghao Zhang This patch allows users to offload the TC flower rules with tunnel mask. This patch allows masked match of the following, where previously supported an exact match was supported: * Remote (dst) tunnel endpoint address * Local (src) tunnel endpoint address * Remote (dst) tunnel endpoint UDP port And also allows masked match of the following, where previously no match was supported: * Local (src) tunnel endpoint UDP port In some case, mask is useful as wildcards. For example, DDOS, in that case, we don’t want to allow specified hosts IPs or only source Ports to access the targeted host. For example: $ ovs-appctl dpctl/add-flow "tunnel(dst=2.2.2.100,src=2.2.2.0/255.255.255.0,tp_dst=4789),\ recirc_id(0),in_port(3),eth(),eth_type(0x0800),ipv4()" "" $ tc filter show dev vxlan_sys_4789 ingress ... eth_type ipv4 enc_dst_ip 2.2.2.100 enc_src_ip 2.2.2.0/24 enc_dst_port 4789 enc_ttl 64 in_hw in_hw_count 2 action order 1: gact action drop ... Cc: Simon Horman Cc: Paul Blakey Cc: Roi Dayan Cc: Ben Pfaff Cc: William Tu Cc: Ilya Maximets Signed-off-by: Tonghao Zhang Acked-by: Roi Dayan --- NEWS | 5 ++++ include/openvswitch/match.h | 3 ++ lib/match.c | 13 +++++++++ lib/netdev-offload-tc.c | 38 +++++++++++++++++++------ lib/tc.c | 57 +++++++++++++++++++++++++++++++++---- tests/tunnel.at | 22 ++++++++++++++ 6 files changed, 123 insertions(+), 15 deletions(-) diff --git a/NEWS b/NEWS index 70bd17584594..ed6b4486430e 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,11 @@ Post-v2.13.0 * Deprecated DPDK ring ports (dpdkr) are no longer supported. - Linux datapath: * Support for kernel versions up to 5.5.x. + - Tunnels: TC Flower offload + * Tunnel Local endpoint address masked match are supported. + * Tunnel Romte endpoint address masked match are supported. + * Tunnel Local endpoint ports masked match are supported. + * Tunnel Romte endpoint ports masked match are supported. v2.13.0 - 14 Feb 2020 diff --git a/include/openvswitch/match.h b/include/openvswitch/match.h index 8af3b74ed3e0..3b196c7fa462 100644 --- a/include/openvswitch/match.h +++ b/include/openvswitch/match.h @@ -105,6 +105,9 @@ void match_set_tun_flags(struct match *match, uint16_t flags); void match_set_tun_flags_masked(struct match *match, uint16_t flags, uint16_t mask); void match_set_tun_tp_dst(struct match *match, ovs_be16 tp_dst); void match_set_tun_tp_dst_masked(struct match *match, ovs_be16 port, ovs_be16 mask); +void match_set_tun_tp_src(struct match *match, ovs_be16 tp_src); +void match_set_tun_tp_src_masked(struct match *match, + ovs_be16 port, ovs_be16 mask); void match_set_tun_gbp_id_masked(struct match *match, ovs_be16 gbp_id, ovs_be16 mask); void match_set_tun_gbp_id(struct match *match, ovs_be16 gbp_id); void match_set_tun_gbp_flags_masked(struct match *match, uint8_t flags, uint8_t mask); diff --git a/lib/match.c b/lib/match.c index 25c277cc670b..29b25a73bab4 100644 --- a/lib/match.c +++ b/lib/match.c @@ -293,6 +293,19 @@ match_set_tun_tp_dst_masked(struct match *match, ovs_be16 port, ovs_be16 mask) match->flow.tunnel.tp_dst = port & mask; } +void +match_set_tun_tp_src(struct match *match, ovs_be16 tp_src) +{ + match_set_tun_tp_src_masked(match, tp_src, OVS_BE16_MAX); +} + +void +match_set_tun_tp_src_masked(struct match *match, ovs_be16 port, ovs_be16 mask) +{ + match->wc.masks.tunnel.tp_src = mask; + match->flow.tunnel.tp_src = port & mask; +} + void match_set_tun_gbp_id_masked(struct match *match, ovs_be16 gbp_id, ovs_be16 mask) { diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index 9b7c74aae887..8ba22312ec00 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -633,13 +633,20 @@ parse_tc_flower_to_match(struct tc_flower *flower, match_set_tun_id(match, flower->key.tunnel.id); match->flow.tunnel.flags |= FLOW_TNL_F_KEY; } - if (flower->key.tunnel.ipv4.ipv4_dst) { - match_set_tun_src(match, flower->key.tunnel.ipv4.ipv4_src); - match_set_tun_dst(match, flower->key.tunnel.ipv4.ipv4_dst); - } else if (!is_all_zeros(&flower->key.tunnel.ipv6.ipv6_dst, - sizeof flower->key.tunnel.ipv6.ipv6_dst)) { - match_set_tun_ipv6_src(match, &flower->key.tunnel.ipv6.ipv6_src); - match_set_tun_ipv6_dst(match, &flower->key.tunnel.ipv6.ipv6_dst); + if (flower->mask.tunnel.ipv4.ipv4_dst) { + match_set_tun_dst_masked(match, + flower->key.tunnel.ipv4.ipv4_dst, + flower->mask.tunnel.ipv4.ipv4_dst); + match_set_tun_src_masked(match, + flower->key.tunnel.ipv4.ipv4_src, + flower->mask.tunnel.ipv4.ipv4_src); + } else if (ipv6_addr_is_set(&flower->mask.tunnel.ipv6.ipv6_dst)) { + match_set_tun_ipv6_dst_masked(match, + &flower->key.tunnel.ipv6.ipv6_dst, + &flower->mask.tunnel.ipv6.ipv6_dst); + match_set_tun_ipv6_src_masked(match, + &flower->key.tunnel.ipv6.ipv6_src, + &flower->mask.tunnel.ipv6.ipv6_src); } if (flower->key.tunnel.tos) { match_set_tun_tos_masked(match, flower->key.tunnel.tos, @@ -649,8 +656,15 @@ parse_tc_flower_to_match(struct tc_flower *flower, match_set_tun_ttl_masked(match, flower->key.tunnel.ttl, flower->mask.tunnel.ttl); } - if (flower->key.tunnel.tp_dst) { - match_set_tun_tp_dst(match, flower->key.tunnel.tp_dst); + if (flower->mask.tunnel.tp_dst) { + match_set_tun_tp_dst_masked(match, + flower->key.tunnel.tp_dst, + flower->mask.tunnel.tp_dst); + } + if (flower->mask.tunnel.tp_src) { + match_set_tun_tp_src_masked(match, + flower->key.tunnel.tp_src, + flower->mask.tunnel.tp_src); } if (flower->key.tunnel.metadata.present.len) { flower_tun_opt_to_match(match, flower); @@ -1402,8 +1416,14 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match, flower.key.tunnel.ttl = tnl->ip_ttl; flower.key.tunnel.tp_src = tnl->tp_src; flower.key.tunnel.tp_dst = tnl->tp_dst; + flower.mask.tunnel.ipv4.ipv4_src = tnl_mask->ip_src; + flower.mask.tunnel.ipv4.ipv4_dst = tnl_mask->ip_dst; + flower.mask.tunnel.ipv6.ipv6_src = tnl_mask->ipv6_src; + flower.mask.tunnel.ipv6.ipv6_dst = tnl_mask->ipv6_dst; flower.mask.tunnel.tos = tnl_mask->ip_tos; flower.mask.tunnel.ttl = tnl_mask->ip_ttl; + flower.mask.tunnel.tp_src = tnl_mask->tp_src; + flower.mask.tunnel.tp_dst = tnl_mask->tp_dst; flower.mask.tunnel.id = (tnl->flags & FLOW_TNL_F_KEY) ? tnl_mask->tun_id : 0; flower_match_to_tun_opt(&flower, tnl, tnl_mask); flower.tunnel = true; diff --git a/lib/tc.c b/lib/tc.c index a6297445ca33..ac5ecc2b7e6f 100644 --- a/lib/tc.c +++ b/lib/tc.c @@ -372,6 +372,12 @@ static const struct nl_policy tca_flower_policy[] = { .optional = true, }, [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NL_A_U16, .optional = true, }, + [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NL_A_U16, + .optional = true, }, + [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NL_A_U16, + .optional = true, }, + [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NL_A_U16, + .optional = true, }, [TCA_FLOWER_KEY_FLAGS] = { .type = NL_A_BE32, .optional = true, }, [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NL_A_BE32, .optional = true, }, [TCA_FLOWER_KEY_IP_TTL] = { .type = NL_A_U8, @@ -650,22 +656,38 @@ nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower) flower->mask.tunnel.id = OVS_BE64_MAX; } if (attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]) { + flower->mask.tunnel.ipv4.ipv4_src = + nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK]); flower->key.tunnel.ipv4.ipv4_src = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_SRC]); } if (attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]) { + flower->mask.tunnel.ipv4.ipv4_dst = + nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK]); flower->key.tunnel.ipv4.ipv4_dst = nl_attr_get_be32(attrs[TCA_FLOWER_KEY_ENC_IPV4_DST]); } if (attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]) { + flower->mask.tunnel.ipv6.ipv6_src = + nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]); flower->key.tunnel.ipv6.ipv6_src = nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_SRC]); } if (attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]) { + flower->mask.tunnel.ipv6.ipv6_dst = + nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]); flower->key.tunnel.ipv6.ipv6_dst = nl_attr_get_in6_addr(attrs[TCA_FLOWER_KEY_ENC_IPV6_DST]); } - if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]) { + if (attrs[TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK]) { + flower->mask.tunnel.tp_src = + nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK]); + flower->key.tunnel.tp_src = + nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_SRC_PORT]); + } + if (attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]) { + flower->mask.tunnel.tp_dst = + nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]); flower->key.tunnel.tp_dst = nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]); } @@ -2592,11 +2614,18 @@ nl_msg_put_flower_tunnel_opts(struct ofpbuf *request, uint16_t type, static void nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower) { + ovs_be32 ipv4_src_mask = flower->mask.tunnel.ipv4.ipv4_src; + ovs_be32 ipv4_dst_mask = flower->mask.tunnel.ipv4.ipv4_dst; ovs_be32 ipv4_src = flower->key.tunnel.ipv4.ipv4_src; ovs_be32 ipv4_dst = flower->key.tunnel.ipv4.ipv4_dst; + struct in6_addr *ipv6_src_mask = &flower->mask.tunnel.ipv6.ipv6_src; + struct in6_addr *ipv6_dst_mask = &flower->mask.tunnel.ipv6.ipv6_dst; struct in6_addr *ipv6_src = &flower->key.tunnel.ipv6.ipv6_src; struct in6_addr *ipv6_dst = &flower->key.tunnel.ipv6.ipv6_dst; + ovs_be16 tp_dst_mask = flower->mask.tunnel.tp_dst; + ovs_be16 tp_src_mask = flower->mask.tunnel.tp_src; ovs_be16 tp_dst = flower->key.tunnel.tp_dst; + ovs_be16 tp_src = flower->key.tunnel.tp_src; ovs_be32 id = be64_to_be32(flower->key.tunnel.id); uint8_t tos = flower->key.tunnel.tos; uint8_t ttl = flower->key.tunnel.ttl; @@ -2604,12 +2633,21 @@ nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower) uint8_t ttl_mask = flower->mask.tunnel.ttl; ovs_be64 id_mask = flower->mask.tunnel.id; - if (ipv4_dst) { - nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src); + if (ipv4_dst_mask || ipv4_src_mask) { + nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, + ipv4_dst_mask); + nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, + ipv4_src_mask); nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_DST, ipv4_dst); - } else if (!is_all_zeros(ipv6_dst, sizeof *ipv6_dst)) { - nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src); + nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src); + } else if (ipv6_addr_is_set(ipv6_dst_mask) || + ipv6_addr_is_set(ipv6_src_mask)) { + nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, + ipv6_dst_mask); + nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, + ipv6_src_mask); nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst); + nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src); } if (tos_mask) { nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TOS, tos); @@ -2619,9 +2657,16 @@ nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower) nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL, ttl); nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL_MASK, ttl_mask); } - if (tp_dst) { + if (tp_dst_mask) { + nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, + tp_dst_mask); nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst); } + if (tp_src_mask) { + nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, + tp_src_mask); + nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, tp_src); + } if (id_mask) { nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id); } diff --git a/tests/tunnel.at b/tests/tunnel.at index d65bf4412aa9..d3fdbbe3c4d3 100644 --- a/tests/tunnel.at +++ b/tests/tunnel.at @@ -110,6 +110,28 @@ Datapath actions: drop OVS_VSWITCHD_STOP(["/dropping tunnel packet marked ECN CE but is not ECN capable/d"]) AT_CLEANUP +AT_SETUP([tunnel - input with matching tunnel mask]) +OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ + options:remote_ip=1.1.1.1 \ + ofport_request=1 \ + -- add-port br0 p2 -- set Interface p2 type=dummy \ + ofport_request=2]) + +AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl + br0 65534/100: (dummy-internal) + p1 1/1: (gre: remote_ip=1.1.1.1) + p2 2/2: (dummy) +]) + +AT_CHECK([ovs-appctl dpctl/add-flow "tunnel(dst=1.1.1.1,src=3.3.3.200/255.255.255.0,tp_dst=123,tp_src=1/0xf,ttl=64),recirc_id(0),in_port(1),eth(),eth_type(0x0800),ipv4()" "2"]) + +AT_CHECK([ovs-appctl dpctl/dump-flows | tail -1], [0], [dnl +tunnel(src=3.3.3.200/255.255.255.0,dst=1.1.1.1,ttl=64,tp_src=1/0xf,tp_dst=123),recirc_id(0),in_port(1),eth_type(0x0800), packets:0, bytes:0, used:never, actions:2 +]) + +OVS_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([tunnel - output]) OVS_VSWITCHD_START([add-port br0 p1 -- set Interface p1 type=gre \ options:remote_ip=1.1.1.1 options:local_ip=2.2.2.2 \ From patchwork Tue Jun 2 13:50:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 1302471 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=bxczIqEB; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49btl44xvgz9sSy for ; Tue, 2 Jun 2020 23:52:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 7EB40878BA; Tue, 2 Jun 2020 13:52:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ODdRhbnUdk70; Tue, 2 Jun 2020 13:52:10 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 19E9387773; Tue, 2 Jun 2020 13:51:58 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E19FEC08A6; Tue, 2 Jun 2020 13:51:57 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 16E85C0893 for ; Tue, 2 Jun 2020 13:51:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 0206B87886 for ; Tue, 2 Jun 2020 13:51:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id maOYWwk5CkhH for ; Tue, 2 Jun 2020 13:51:53 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) by whitealder.osuosl.org (Postfix) with ESMTPS id 2E4C8877E1 for ; Tue, 2 Jun 2020 13:51:53 +0000 (UTC) Received: by mail-pl1-f195.google.com with SMTP id y17so1363166plb.8 for ; Tue, 02 Jun 2020 06:51:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7yHOX2++G1cZ56BC5ofUsLGeBCIQWlUe34g8m5MyS9Q=; b=bxczIqEBr5qT3B4OF5Tc8h0cGcEgkafIT/5aaLdpSfDuWzC7+p3YaY96QaW74GM/fi +oEk3Zp4HCQsk9GIFMhEBVL5u8IWKYW5qjN6mLQF6XwSwAx8NADNUpCepF9dum9yvY4F ahRKAk776rxeIavm9+dT50aj7nCOScCR95eioMWJYrfWNuxCI7a+CpxxK8+61PAZ9x3k lB1ftfsyo67x02C3gZFxGm6i9u9JgHKpCG28clZ3MlDYY2hlYrPetxJxN4T8k1oM03g7 gH4yLispgLNHCmPBiNFpn9ExsFadtpjqEQIJTybiRZfKM/gKbjOi1fNq1+WfaKBO1ZX2 i+Uw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7yHOX2++G1cZ56BC5ofUsLGeBCIQWlUe34g8m5MyS9Q=; b=X2oY8UdgTzS6Uldw7WZMRMLQHOam43pks9t8pqIf3o1BvkPehqGiiNtmQfm92mjudO G/9HRfaCc0PI2nQlkhdhKw9UECqU+NPQ1C66r5JHWKUzbYNens22PrrHcSZw/t1wfqzh dSHbBrTDwqPocSzaZskDfelIjaKMIxQiB7wwS3ySNmsJirHTSQ1ajveuP5gmcLaLb303 iLzafXVi7hWVqYczkQ9bPqbeOkMXFMYQav8mpNooXlsC/7V/9TEFOZGJB5D838/dbzjL czWxYL5wSbggwi09g4UoG8b1S1+JqQOjY+WaiUTq+lqIVpNsG3rP6GL6IUXe+buYt7QZ 2rww== X-Gm-Message-State: AOAM531J/ERjkP2h8piRoCo6TFGdoF+To2AjRJK7yo7G2lLtutPJ52E9 BR0jOFRRDoLn8k/TlgA+hP/etZ6uV0p5qw== X-Google-Smtp-Source: ABdhPJyCgiR8DnhqRCq3Ah+Cew6ICRRoSJ8PS/lDG1XLN7eqVmUGFZAL6zVbxSrYm4/LHiUJM3lhXg== X-Received: by 2002:a17:902:9f90:: with SMTP id g16mr17995500plq.146.1591105912220; Tue, 02 Jun 2020 06:51:52 -0700 (PDT) Received: from localhost.localdomain ([203.100.54.194]) by smtp.gmail.com with ESMTPSA id h21sm2514622pjz.6.2020.06.02.06.51.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jun 2020 06:51:51 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: dev@openvswitch.org Date: Tue, 2 Jun 2020 21:50:25 +0800 Message-Id: <20200602135025.20704-5-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> References: <20200602135025.20704-1-xiangxia.m.yue@gmail.com> Cc: simon.horman@netronome.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH v2 4/4] netdev-offload-tc: Expand tunnel source IPs masked match X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From: Tonghao Zhang To support more use case, for example, DDOS, which packets should be dropped in hardware, this patch allows users to match only the tunnel source IPs with masked value. $ ovs-appctl dpctl/add-flow "tunnel(src=2.2.2.0/255.255.255.0,tp_dst=4789,ttl=64),\ recirc_id(2),in_port(3),eth(),eth_type(0x0800),ipv4()" "" $ ovs-appctl dpctl/dump-flows tunnel(src=2.2.2.0/255.255.255.0,ttl=64,tp_dst=4789) ... actions:drop $ tc filter show dev vxlan_sys_4789 ingress ... eth_type ipv4 enc_src_ip 2.2.2.0/24 enc_dst_port 4789 enc_ttl 64 in_hw in_hw_count 2 action order 1: gact action drop ... Cc: Simon Horman Cc: Paul Blakey Cc: Roi Dayan Cc: Ben Pfaff Cc: William Tu Cc: Ilya Maximets Signed-off-by: Tonghao Zhang Acked-by: Roi Dayan --- lib/netdev-offload-tc.c | 9 ++++++--- lib/odp-util.c | 3 ++- lib/packets.h | 6 ++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/netdev-offload-tc.c b/lib/netdev-offload-tc.c index 8ba22312ec00..f7f9c231e3cf 100644 --- a/lib/netdev-offload-tc.c +++ b/lib/netdev-offload-tc.c @@ -633,14 +633,16 @@ parse_tc_flower_to_match(struct tc_flower *flower, match_set_tun_id(match, flower->key.tunnel.id); match->flow.tunnel.flags |= FLOW_TNL_F_KEY; } - if (flower->mask.tunnel.ipv4.ipv4_dst) { + if (flower->mask.tunnel.ipv4.ipv4_dst || + flower->mask.tunnel.ipv4.ipv4_src) { match_set_tun_dst_masked(match, flower->key.tunnel.ipv4.ipv4_dst, flower->mask.tunnel.ipv4.ipv4_dst); match_set_tun_src_masked(match, flower->key.tunnel.ipv4.ipv4_src, flower->mask.tunnel.ipv4.ipv4_src); - } else if (ipv6_addr_is_set(&flower->mask.tunnel.ipv6.ipv6_dst)) { + } else if (ipv6_addr_is_set(&flower->mask.tunnel.ipv6.ipv6_dst) || + ipv6_addr_is_set(&flower->mask.tunnel.ipv6.ipv6_src)) { match_set_tun_ipv6_dst_masked(match, &flower->key.tunnel.ipv6.ipv6_dst, &flower->mask.tunnel.ipv6.ipv6_dst); @@ -1400,7 +1402,8 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match, chain = key->recirc_id; mask->recirc_id = 0; - if (flow_tnl_dst_is_set(&key->tunnel)) { + if (flow_tnl_dst_is_set(&key->tunnel) || + flow_tnl_src_is_set(&key->tunnel)) { VLOG_DBG_RL(&rl, "tunnel: id %#" PRIx64 " src " IP_FMT " dst " IP_FMT " tp_src %d tp_dst %d", diff --git a/lib/odp-util.c b/lib/odp-util.c index b66d266cca1d..72601dc6ba2b 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c @@ -6125,7 +6125,8 @@ odp_flow_key_from_flow__(const struct odp_flow_key_parms *parms, nl_msg_put_u32(buf, OVS_KEY_ATTR_PRIORITY, data->skb_priority); - if (flow_tnl_dst_is_set(&flow->tunnel) || export_mask) { + if (flow_tnl_dst_is_set(&flow->tunnel) || + flow_tnl_src_is_set(&flow->tunnel) || export_mask) { tun_key_to_attr(buf, &data->tunnel, &parms->flow->tunnel, parms->key_buf, NULL); } diff --git a/lib/packets.h b/lib/packets.h index 447e6f6fafa5..395bc869eb00 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -52,6 +52,12 @@ flow_tnl_dst_is_set(const struct flow_tnl *tnl) return tnl->ip_dst || ipv6_addr_is_set(&tnl->ipv6_dst); } +static inline bool +flow_tnl_src_is_set(const struct flow_tnl *tnl) +{ + return tnl->ip_src || ipv6_addr_is_set(&tnl->ipv6_src); +} + struct in6_addr flow_tnl_dst(const struct flow_tnl *tnl); struct in6_addr flow_tnl_src(const struct flow_tnl *tnl);