mirror of
https://git.proxmox.com/git/mirror_iproute2
synced 2025-10-09 19:25:37 +00:00
35f2a7639d
Sample use case: ... add ingress qdisc sudo $TC qdisc add dev $ETH ingress ... if we exceed rate of 1kbps (burst of 90K), do an absolute jump of 2 actions sudo $TC actions add action police rate 1kbit burst 90k conform-exceed jump 2 / pipe sudo $TC -s actions ls action police action order 0: police 0x4 rate 1Kbit burst 23440b mtu 2Kb action jump 2/pipe overhead 0b ref 1 bind 0 installed 41 sec used 41 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 ... lets add a couple of marks so we can use them to mark exceed/not exceed sudo $TC actions add action skbedit mark 11 ok index 11 sudo $TC actions add action skbedit mark 12 ok index 12 ... if we dont exceed our rate we get a mark of 11, else mark of 12 sudo $TC filter add dev $ETH parent ffff: protocol ip prio 8 u32 \ match ip dst 127.0.0.8/32 flowid 1:10 \ action police index 4 \ action skbedit index 11 \ action skbedit index 12 Ok, lets keep this thing a little busy.. sudo ping -f -c 10000 127.0.0.8 ... now lets see the filters.. sudo $TC -s filter ls dev $ETH parent ffff: protocol ip filter pref 8 u32 chain 0 filter pref 8 u32 chain 0 fh 800: ht divisor 1 filter pref 8 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 not_in_hw (rule hit 20000 success 10000) match 7f000008/ffffffff at 16 (success 10000 ) action order 1: police 0x4 rate 1Kbit burst 23440b mtu 2Kb action jump 2/pipe overhead 0b ref 2 bind 1 installed 198 sec used 2 sec Action statistics: Sent 840000 bytes 10000 pkt (dropped 0, overlimits 9721 requeues 0) backlog 0b 0p requeues 0 action order 2: skbedit mark 11 pass index 11 ref 2 bind 1 installed 127 sec used 2 sec Action statistics: Sent 23436 bytes 279 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 action order 3: skbedit mark 12 pass index 12 ref 2 bind 1 installed 127 sec used 2 sec Action statistics: Sent 816564 bytes 9721 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 As can be seen 97.21% of the packets were marked as exceeding the allocated rate; you could do something clever with the skb mark after this. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
216 lines
4.7 KiB
C
216 lines
4.7 KiB
C
/*
|
|
* m_gact.c generic actions module
|
|
*
|
|
* This program is free software; you can distribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*
|
|
* Authors: J Hadi Salim (hadi@cyberus.ca)
|
|
*
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <syslog.h>
|
|
#include <fcntl.h>
|
|
#include <sys/socket.h>
|
|
#include <netinet/in.h>
|
|
#include <arpa/inet.h>
|
|
#include <string.h>
|
|
|
|
#include "utils.h"
|
|
#include "tc_util.h"
|
|
#include <linux/tc_act/tc_gact.h>
|
|
|
|
/* define to turn on probablity stuff */
|
|
|
|
#ifdef CONFIG_GACT_PROB
|
|
static const char *prob_n2a(int p)
|
|
{
|
|
if (p == PGACT_NONE)
|
|
return "none";
|
|
if (p == PGACT_NETRAND)
|
|
return "netrand";
|
|
if (p == PGACT_DETERM)
|
|
return "determ";
|
|
return "none";
|
|
}
|
|
#endif
|
|
|
|
static void
|
|
explain(void)
|
|
{
|
|
#ifdef CONFIG_GACT_PROB
|
|
fprintf(stderr, "Usage: ... gact <ACTION> [RAND] [INDEX]\n");
|
|
fprintf(stderr,
|
|
"Where: \tACTION := reclassify | drop | continue | pass | pipe |\n"
|
|
" \t goto chain <CHAIN_INDEX> | jump <JUMP_COUNT>\n"
|
|
"\tRAND := random <RANDTYPE> <ACTION> <VAL>\n"
|
|
"\tRANDTYPE := netrand | determ\n"
|
|
"\tVAL : = value not exceeding 10000\n"
|
|
"\tJUMP_COUNT := Absolute jump from start of action list\n"
|
|
"\tINDEX := index value used\n"
|
|
"\n");
|
|
#else
|
|
fprintf(stderr, "Usage: ... gact <ACTION> [INDEX]\n");
|
|
fprintf(stderr,
|
|
"Where: \tACTION := reclassify | drop | continue | pass | pipe |\n"
|
|
" \t goto chain <CHAIN_INDEX> | jump <JUMP_COUNT>\n"
|
|
"\tINDEX := index value used\n"
|
|
"\tJUMP_COUNT := Absolute jump from start of action list\n"
|
|
"\n");
|
|
#endif
|
|
}
|
|
|
|
|
|
static void
|
|
usage(void)
|
|
{
|
|
explain();
|
|
exit(-1);
|
|
}
|
|
|
|
static int
|
|
parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
|
|
int tca_id, struct nlmsghdr *n)
|
|
{
|
|
int argc = *argc_p;
|
|
char **argv = *argv_p;
|
|
struct tc_gact p = { 0 };
|
|
#ifdef CONFIG_GACT_PROB
|
|
int rd = 0;
|
|
struct tc_gact_p pp;
|
|
#endif
|
|
struct rtattr *tail;
|
|
|
|
if (argc < 0)
|
|
return -1;
|
|
|
|
|
|
if (matches(*argv, "gact") == 0) {
|
|
argc--;
|
|
argv++;
|
|
} else if (parse_action_control(&argc, &argv, &p.action, false) == -1) {
|
|
usage(); /* does not return */
|
|
}
|
|
|
|
#ifdef CONFIG_GACT_PROB
|
|
if (argc > 0) {
|
|
if (matches(*argv, "random") == 0) {
|
|
rd = 1;
|
|
NEXT_ARG();
|
|
if (matches(*argv, "netrand") == 0) {
|
|
NEXT_ARG();
|
|
pp.ptype = PGACT_NETRAND;
|
|
} else if (matches(*argv, "determ") == 0) {
|
|
NEXT_ARG();
|
|
pp.ptype = PGACT_DETERM;
|
|
} else {
|
|
fprintf(stderr, "Illegal \"random type\"\n");
|
|
return -1;
|
|
}
|
|
|
|
if (parse_action_control(&argc, &argv,
|
|
&pp.paction, false) == -1)
|
|
usage();
|
|
if (get_u16(&pp.pval, *argv, 10)) {
|
|
fprintf(stderr, "Illegal probability val 0x%x\n", pp.pval);
|
|
return -1;
|
|
}
|
|
if (pp.pval > 10000) {
|
|
fprintf(stderr, "Illegal probability val 0x%x\n", pp.pval);
|
|
return -1;
|
|
}
|
|
argc--;
|
|
argv++;
|
|
} else if (matches(*argv, "help") == 0) {
|
|
usage();
|
|
}
|
|
}
|
|
#endif
|
|
|
|
if (argc > 0) {
|
|
if (matches(*argv, "index") == 0) {
|
|
NEXT_ARG();
|
|
if (get_u32(&p.index, *argv, 10)) {
|
|
fprintf(stderr, "Illegal \"index\"\n");
|
|
return -1;
|
|
}
|
|
argc--;
|
|
argv++;
|
|
} else if (matches(*argv, "help") == 0) {
|
|
usage();
|
|
}
|
|
}
|
|
|
|
tail = NLMSG_TAIL(n);
|
|
addattr_l(n, MAX_MSG, tca_id, NULL, 0);
|
|
addattr_l(n, MAX_MSG, TCA_GACT_PARMS, &p, sizeof(p));
|
|
#ifdef CONFIG_GACT_PROB
|
|
if (rd) {
|
|
addattr_l(n, MAX_MSG, TCA_GACT_PROB, &pp, sizeof(pp));
|
|
}
|
|
#endif
|
|
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
|
|
|
|
*argc_p = argc;
|
|
*argv_p = argv;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
print_gact(struct action_util *au, FILE * f, struct rtattr *arg)
|
|
{
|
|
#ifdef CONFIG_GACT_PROB
|
|
struct tc_gact_p *pp = NULL;
|
|
struct tc_gact_p pp_dummy;
|
|
#endif
|
|
struct tc_gact *p = NULL;
|
|
struct rtattr *tb[TCA_GACT_MAX + 1];
|
|
|
|
if (arg == NULL)
|
|
return -1;
|
|
|
|
parse_rtattr_nested(tb, TCA_GACT_MAX, arg);
|
|
|
|
if (tb[TCA_GACT_PARMS] == NULL) {
|
|
fprintf(f, "[NULL gact parameters]");
|
|
return -1;
|
|
}
|
|
p = RTA_DATA(tb[TCA_GACT_PARMS]);
|
|
|
|
fprintf(f, "gact ");
|
|
print_action_control(f, "action ", p->action, "");
|
|
#ifdef CONFIG_GACT_PROB
|
|
if (tb[TCA_GACT_PROB] != NULL) {
|
|
pp = RTA_DATA(tb[TCA_GACT_PROB]);
|
|
} else {
|
|
/* need to keep consistent output */
|
|
memset(&pp_dummy, 0, sizeof(pp_dummy));
|
|
pp = &pp_dummy;
|
|
}
|
|
fprintf(f, "\n\t random type %s", prob_n2a(pp->ptype));
|
|
print_action_control(f, " ", pp->paction, " ");
|
|
fprintf(f, "val %d", pp->pval);
|
|
#endif
|
|
fprintf(f, "\n\t index %u ref %d bind %d", p->index, p->refcnt,
|
|
p->bindcnt);
|
|
if (show_stats) {
|
|
if (tb[TCA_GACT_TM]) {
|
|
struct tcf_t *tm = RTA_DATA(tb[TCA_GACT_TM]);
|
|
|
|
print_tm(f, tm);
|
|
}
|
|
}
|
|
fprintf(f, "\n ");
|
|
return 0;
|
|
}
|
|
|
|
struct action_util gact_action_util = {
|
|
.id = "gact",
|
|
.parse_aopt = parse_gact,
|
|
.print_aopt = print_gact,
|
|
};
|