From 81ba3e6fbd4bc8a1d41b41032fcb5ba42bba1e9d Mon Sep 17 00:00:00 2001 From: Roman Mashak Date: Wed, 28 Jun 2017 13:05:04 -0400 Subject: [PATCH 1/5] tc: updated ife man page. Explain when skbmark encoding may fail. Signed-off-by: Roman Mashak --- man/man8/tc-ife.8 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/man/man8/tc-ife.8 b/man/man8/tc-ife.8 index a8f1f287..1499a3fc 100644 --- a/man/man8/tc-ife.8 +++ b/man/man8/tc-ife.8 @@ -59,7 +59,10 @@ Encode direction only. Enforce static encoding of specified metadata. .BR mark " [ " .IR u32_value " ]" The value to set for the skb mark. The u32 value is required only when -.BR use " is specified." +.BR use " is specified. If +.BR mark " value is zero, it will not be encoded, instead +"overlimits" statistics increment and +.BR CONTROL " action is taken. .TP .BR prio " [ " .IR u32_value " ]" From 2ce280de9fbaea408de3eced70db559d9ded7d9a Mon Sep 17 00:00:00 2001 From: Lucas Bates Date: Tue, 4 Jul 2017 17:40:35 -0400 Subject: [PATCH 2/5] Add new man page for tc actions. This page is to highlight all operations and options that are applicable to all tc actions. Signed-off-by: Lucas Bates Signed-off-by: Jamal Hadi Salim --- man/man8/tc-actions.8 | 221 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100644 man/man8/tc-actions.8 diff --git a/man/man8/tc-actions.8 b/man/man8/tc-actions.8 new file mode 100644 index 00000000..51f43afe --- /dev/null +++ b/man/man8/tc-actions.8 @@ -0,0 +1,221 @@ +.TH "actions in tc" 8 "4 Jul 2017" "iproute2" "Linux" + +.SH NAME +actions \- independently defined actions in tc +.SH SYNOPSIS +.B tc +[ +.I TC_OPTIONS +] +.B actions +.BR add " | " change " | " replace +.I ACTSPEC + +.B tc +[ +.I TC_OPTIONS +] +.B actions +.BR get " | " delete +.I ACTISPEC + +.B tc +[ +.I TC_OPTIONS +] +.B actions flush +.I ACTNAMESPEC + +.B tc +[ +.I TC_OPTIONS +] +.B actions +.BR ls " | " list +.I ACTNAMESPEC + +.in +8 +.I ACTSPEC +:= +.B action +.I ACTDETAIL +[ +.I INDEXSPEC +] [ +.I COOKIESPEC +] [ +.I CONTROL +] + +.I ACTISPEC +:= +.I ACTNAMESPEC INDEXSPEC + +.I ACTNAMESPEC +:= +.B action +ACTNAME + +.I INDEXSPEC +:= +.BI index " INDEX" + +.I COOKIESPEC +:= +.BI cookie " COOKIE" + +.I ACTDETAIL +:= +.I ACTNAME ACTPARAMS + +.I ACTNAME +may be any valid action type: gact, mirred, bpf, connmark, csum, police, etc. + +.I ACTPARAMS +are the action-specific parameters; see the man page for the specific action +type to be used for details. + +.I CONTROL +:= { +.IR reclassify " | " pipe " | " drop " | " continue " | " ok +} + +.I TC_OPTIONS +These are the options that are specific to +.B tc +and not only the options. Refer to +.BR tc(8) +for more information. +.in + +.SH DESCRIPTION + +The +.B actions +object in +.B tc +allows a user to define actions independently of a classifier (filter). These +actions can then be assigned to one or more filters, with any +packets matching the classifier's criteria having that action performed +on them. + +Each action type (mirred, police, etc.) will have its own table to store +all created actions. + +.SH OPERATIONS +.TP +.B add +Create a new action in that action's table. + +.TP +.B change +.TQ +.B replace +Make modifications to an existing action. +.TP +.B get +Display the action with the specified index value. When combined with the +.B -s +option for +.BR tc "," +display the statistics for that action. +.TP +.B delete +Delete the action with the specified index value. If the action is already +associated with a classifier, it does not delete the classifier. +.TP +.B ls +.TQ +.B list +List all the actions in the specified table. When combined with the +.B -s +option for +.BR tc "," +display the statistics for all actions in the specified table. +.TP +.B flush +Delete all actions stored in the specified table. + +.SH ACTION OPTIONS +Note that these options are available to all action types. +.TP +.BI index " INDEX" +Specify the table index value of an action. +.I INDEX +is a 32-bit value that is unique to the specific type of action referenced. + +.RS +For +.BR add ", " change ", and" +.B replace +operations, the index is +.BR optional. +When adding a new action, +specifying an index value will assign the action to that index unless that +index value has already been assigned. Omitting the index value for an add +operation will cause the kernel to assign a value to the new action. +.RE + +.RS +For +.BR get " and " delete +operations, the index is +.B required +to identify the specific action to be displayed or deleted. +.RE + +.TP +.BI cookie " COOKIE" +In addition to the specific action, mark the matching packet with the value +specified by +.IR COOKIE "." +The +.I COOKIE +is a 128-bit value that will not be interpreted by the kernel whatsoever. +As such, it can be used as a correlating value for maintaining user state. +The value to be stored is completely arbitrary and does not require a specific +format. It is stored inside the action structure itself. + +.TP +.I CONTROL +The +.I CONTROL +indicates how +.B tc +should proceed after executing the action. Any of the following are valid: +.RS +.TP +.B reclassify +Restart the classifiction by jumping back to the first filter attached to +the action's parent. +.TP +.B pipe +Continue with the next action. This is the default control. +.TP +.B drop +Drop the packed without running any further actions. +.TP +.B continue +Continue the classification with the next filter. +.TP +.B pass +Return to the calling qdisc for packet processing, and end classification of +this packet. +.RE + +.SH SEE ALSO +.BR tc (8), +.BR tc-bpf (8), +.BR tc-connmark (8), +.BR tc-csum (8), +.BR tc-ife (8), +.BR tc-mirred (8), +.BR tc-nat (8), +.BR tc-pedit (8), +.BR tc-police (8), +.BR tc-simple (8), +.BR tc-skbedit (8), +.BR tc-skbmod (8), +.BR tc-tunnel_key (8), +.BR tc-vlan (8), +.BR tc-xt (8) From 7baca946c416b997e1afacd0bd02faf148786970 Mon Sep 17 00:00:00 2001 From: Krister Johansen Date: Fri, 9 Jun 2017 18:31:30 -0700 Subject: [PATCH 3/5] iptunnel: document mode parameter for sit tunnels Original-Author: Simon Horman Signed-off-by: Krister Johansen --- man/man8/ip-link.8.in | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 5d73538b..3cc2f5dc 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -660,7 +660,9 @@ the following additional arguments are supported: ] [ .RB [ no ] encap-csum ] [ -.RB [ no ] encap-remcsum +.I " [no]encap-remcsum " +] [ +.I " mode " { ip6ip | ipip | any } " ] .in +8 @@ -697,6 +699,12 @@ encapsulation. - specifies if Remote Checksum Offload is enabled. This is only applicable for Generic UDP Encapsulation. +.sp +.BI mode " { ip6ip | ipip | any } " +- specifies mode in which device should run. "ip6ip" indicates +IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "any" indicates either +IPv6 or IPv4 Over IPv4. Only supported for SIT where the default is "ip6ip". + .in -8 .TP From f005b700cf076020e882ffadce693deb13a88488 Mon Sep 17 00:00:00 2001 From: Krister Johansen Date: Fri, 9 Jun 2017 18:31:31 -0700 Subject: [PATCH 4/5] iptunnel: add support for mpls/ip to sit tunnels Original-Author: Simon Horman Signed-off-by: Krister Johansen --- include/utils.h | 3 +++ ip/link_iptnl.c | 9 ++++++--- ip/tunnel.c | 3 +++ man/man8/ip-link.8.in | 9 +++++---- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/include/utils.h b/include/utils.h index 915c82e9..6080b962 100644 --- a/include/utils.h +++ b/include/utils.h @@ -74,6 +74,9 @@ struct ipx_addr { #ifndef AF_MPLS # define AF_MPLS 28 #endif +#ifndef IPPROTO_MPLS +#define IPPROTO_MPLS 137 +#endif __u32 get_addr32(const char *name); int get_addr_1(inet_prefix *dst, const char *arg, int family); diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c index 2f74d9b7..cf3a9ef4 100644 --- a/ip/link_iptnl.c +++ b/ip/link_iptnl.c @@ -16,6 +16,7 @@ #include #include +#include #include #include #include "rt_names.h" @@ -47,9 +48,8 @@ static void print_usage(FILE *f, int sit) type ); if (sit) { - fprintf(f, - " [ mode { ip6ip | ipip | any } ]\n" - " [ isatap ]\n"); + fprintf(f, " [ mode { ip6ip | ipip | mplsip | any } ]\n"); + fprintf(f, " [ isatap ]\n"); } fprintf(f, " [ external ]\n"); fprintf(f, " [ fwmark MARK ]\n"); @@ -243,6 +243,9 @@ get_failed: strcmp(*argv, "ipip") == 0 || strcmp(*argv, "ip4ip4") == 0) proto = IPPROTO_IPIP; + else if (strcmp(*argv, "mpls/ipv4") == 0 || + strcmp(*argv, "mplsip") == 0) + proto = IPPROTO_MPLS; else if (strcmp(*argv, "any/ipv4") == 0 || strcmp(*argv, "any") == 0) proto = 0; diff --git a/ip/tunnel.c b/ip/tunnel.c index 7956d71a..d359eb95 100644 --- a/ip/tunnel.c +++ b/ip/tunnel.c @@ -54,6 +54,9 @@ const char *tnl_strproto(__u8 proto) case IPPROTO_ESP: strcpy(buf, "esp"); break; + case IPPROTO_MPLS: + strcpy(buf, "mpls"); + break; case 0: strcpy(buf, "any"); break; diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 3cc2f5dc..994b539e 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -662,7 +662,7 @@ the following additional arguments are supported: ] [ .I " [no]encap-remcsum " ] [ -.I " mode " { ip6ip | ipip | any } " +.I " mode " { ip6ip | ipip | mplsip | any } " ] .in +8 @@ -700,10 +700,11 @@ encapsulation. applicable for Generic UDP Encapsulation. .sp -.BI mode " { ip6ip | ipip | any } " +.BI mode " { ip6ip | ipip | mplsip | any } " - specifies mode in which device should run. "ip6ip" indicates -IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "any" indicates either -IPv6 or IPv4 Over IPv4. Only supported for SIT where the default is "ip6ip". +IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates +MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Only +supported for SIT where the default is "ip6ip". .in -8 From 288c28bc114890cb043e13934e39677fd3532ff9 Mon Sep 17 00:00:00 2001 From: Krister Johansen Date: Fri, 9 Jun 2017 18:31:32 -0700 Subject: [PATCH 5/5] iptunnel: add support for mpls/ip to ipip tunnels Original-Author: Simon Horman Signed-off-by: Krister Johansen --- ip/link_iptnl.c | 21 ++++++++++++++++++++- man/man8/ip-link.8.in | 5 +++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c index cf3a9ef4..d24e7376 100644 --- a/ip/link_iptnl.c +++ b/ip/link_iptnl.c @@ -50,6 +50,8 @@ static void print_usage(FILE *f, int sit) if (sit) { fprintf(f, " [ mode { ip6ip | ipip | mplsip | any } ]\n"); fprintf(f, " [ isatap ]\n"); + } else { + fprintf(f, " [ mode { ipip | mplsip | any } ]\n"); } fprintf(f, " [ external ]\n"); fprintf(f, " [ fwmark MARK ]\n"); @@ -251,6 +253,21 @@ get_failed: proto = 0; else invarg("Cannot guess tunnel mode.", *argv); + } else if (strcmp(lu->id, "ipip") == 0 && + strcmp(*argv, "mode") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "ipv4/ipv4") == 0 || + strcmp(*argv, "ipip") == 0 || + strcmp(*argv, "ip4ip4") == 0) + proto = IPPROTO_IPIP; + else if (strcmp(*argv, "mpls/ipv4") == 0 || + strcmp(*argv, "mplsip") == 0) + proto = IPPROTO_MPLS; + else if (strcmp(*argv, "any/ipv4") == 0 || + strcmp(*argv, "any") == 0) + proto = 0; + else + invarg("Cannot guess tunnel mode.", *argv); } else if (strcmp(*argv, "noencap") == 0) { encaptype = TUNNEL_ENCAP_NONE; } else if (strcmp(*argv, "encap") == 0) { @@ -343,9 +360,11 @@ get_failed: addattr16(n, 1024, IFLA_IPTUN_ENCAP_SPORT, htons(encapsport)); addattr16(n, 1024, IFLA_IPTUN_ENCAP_DPORT, htons(encapdport)); + if (strcmp(lu->id, "ipip") == 0 || strcmp(lu->id, "sit") == 0) + addattr8(n, 1024, IFLA_IPTUN_PROTO, proto); + if (strcmp(lu->id, "sit") == 0) { addattr16(n, 1024, IFLA_IPTUN_FLAGS, iflags); - addattr8(n, 1024, IFLA_IPTUN_PROTO, proto); if (ip6rdprefixlen) { addattr_l(n, 1024, IFLA_IPTUN_6RD_PREFIX, &ip6rdprefix, sizeof(ip6rdprefix)); diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 994b539e..a7827124 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -703,8 +703,9 @@ applicable for Generic UDP Encapsulation. .BI mode " { ip6ip | ipip | mplsip | any } " - specifies mode in which device should run. "ip6ip" indicates IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates -MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Only -supported for SIT where the default is "ip6ip". +MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Supported for +SIT where the default is "ip6ip" and IPIP where the default is "ipip". +IPv6-Over-IPv4 is not supported for IPIP. .in -8