Received: by 10.192.165.148 with SMTP id m20csp4971591imm; Tue, 24 Apr 2018 11:24:55 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/beJB3aNb2//Ka2PyWj6Kiy1/p7tul9D+7ZG0oBf2W5oJMhAlrnrXm9pDIgmS7Pg3lxXSY X-Received: by 10.99.180.6 with SMTP id s6mr21701936pgf.334.1524594295028; Tue, 24 Apr 2018 11:24:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524594294; cv=none; d=google.com; s=arc-20160816; b=IKRLW2sneoVN9Be89x4TFelsvRpvfHyMuLQwZd8NL2u9w3OQZ5ZQwu+mShTlu8bTIM zqmYPpbZlKY/Ck//ShGswR/7wjnl4t6/GNHuOG3JGDSXIZkY7JJhVEkYDZMOtvft2t6U JTQ/8ORqEaHMgMbwPlaIm/0LxuC5TeK0a2XKog56VSHnYfAkjBIcye50rQ1UBokOE601 oaxTeUytGUGSr9wSxvbzxhCxze8pqUEJyfSTNwgv9hxwxHpbfVKKSieCesADbxB4ZYwJ wRRiYmy9MUe68Dnqjx1Hg+rUELu0K0PsNp1wGaurt6edXEKh2ckCBXnxMsvr98vLMZzg GPMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=YjWCuzq94h4C0Z5iiHJ93PmoDbPYdCCXmPjwG/VGvR4=; b=Xcqal+PXxfzWPmQ9gQoykg5EqSRcp37jBMQJyAYl0nbySYWVBJJTSweac89yyWPIkg qWy+uulypVArlwTbntn9dFWFFEnvOTsXQzDvIMBimCp3gVF/5sveqUXLZ34H+B5Bg7L6 wx/bXw3g8Ss+foEodbRrcHBuCXiINCFWK3V1Ii2bcEUyymMCLWtkjzWeAM7Zm7psfKLy zh/TYcee6yQFKyQFcvlelaT11uF6AATmxHw4ggMKR1ebS+jvkz3ZT85cSFS6XhtGsc9M 20OmZBFW7gc5FIuZhc0JTDzvOXvyyV4GUC4FlpaUSvB2mM2uEMwMcRQUbPrqZMkxdKUi gSKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PPEYgnrA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x124si12298374pgb.651.2018.04.24.11.24.40; Tue, 24 Apr 2018 11:24:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PPEYgnrA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752876AbeDXSXb (ORCPT + 99 others); Tue, 24 Apr 2018 14:23:31 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:44475 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752732AbeDXSXZ (ORCPT ); Tue, 24 Apr 2018 14:23:25 -0400 Received: by mail-wr0-f195.google.com with SMTP id o15-v6so50887864wro.11; Tue, 24 Apr 2018 11:23:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=YjWCuzq94h4C0Z5iiHJ93PmoDbPYdCCXmPjwG/VGvR4=; b=PPEYgnrAKgP76xNRbytp1DXYNsGlrosVfakakuvvumQFjuZdJEoQoxAOZE6R5pQOge MiisaKw/1d0toZHvJkIpQqJe38ZjDlfuYFVKTvZUlG0tcY5DPuJJ2fJItGftxxnp2QLL KUh4ncIgI1kPnu+ndj2qjmcBqrXLL34P43OKvPy+ma55QYj5YYRF9fhuP6pMuZacB+B/ jCPiBOIUZPDQURIOqPjzDSJGmq3gTmPXcKqwrX7lMtFjg4nWQyOaBqW7r0gikH4RgoJC PQVKoG3BO9fUXsiycoOXYP30Ib72hxobfZOxDksAeRJ3FBxe+s24ohieGoL4avvpwiUm TtxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=YjWCuzq94h4C0Z5iiHJ93PmoDbPYdCCXmPjwG/VGvR4=; b=RijHNcRko0HB44GVIQyyE2zOLUFZJa1xCtEGGmcthvrP23ObGmDKqUX5GXaL6dUNr0 wI+/qimdrFntORe4N3TnlgYRr3UFBx2KrOUjjBdUom/pqvpy33YEWQcFAfB/3XbwK9Ur caE3/9Zq8PBrTLNSXyHEWTkM0RcIE4soLJnkYtrjIi4YyDPUUSi5ERwtZzLZJEm4SuXk lFCDlu1Jh+UPIncaMkiYNYjPMJvMcgE2RtRORyGF38+X3IieTtiQaMl+1ISHpjhcx+Ix IGnD6agOIFvFc2iQkDa86hHvN0kprDK7Qwi6uBzPxZuSmgziP73nD6DFXLNv5F2HgiSQ yJJQ== X-Gm-Message-State: ALQs6tDBGK7sj4aJR95iGs4J1HGeAIG2DFYSdOZTRj9eo+QNSUEsFWIc iw1CRh0Jyj2b5qitlnbQ7Zo= X-Received: by 2002:adf:b850:: with SMTP id u16-v6mr21797903wrf.64.1524594203799; Tue, 24 Apr 2018 11:23:23 -0700 (PDT) Received: from localhost.localdomain ([192.135.27.140]) by smtp.gmail.com with ESMTPSA id c50-v6sm29045332wrc.11.2018.04.24.11.23.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 24 Apr 2018 11:23:22 -0700 (PDT) From: Ahmed Abdelsalam To: davem@davemloft.net, dav.lebrun@gmail.com, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Ahmed Abdelsalam Subject: [net-next v3] ipv6: sr: Compute flowlabel for outer IPv6 header of seg6 encap mode Date: Tue, 24 Apr 2018 20:23:16 +0200 Message-Id: <1524594196-12383-1-git-send-email-amsalam20@gmail.com> X-Mailer: git-send-email 2.1.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ECMP (equal-cost multipath) hashes are typically computed on the packets' 5-tuple(src IP, dst IP, src port, dst port, L4 proto). For encapsulated packets, the L4 data is not readily available and ECMP hashing will often revert to (src IP, dst IP). This will lead to traffic polarization on a single ECMP path, causing congestion and waste of network capacity. In IPv6, the 20-bit flow label field is also used as part of the ECMP hash. In the lack of L4 data, the hashing will be on (src IP, dst IP, flow label). Having a non-zero flow label is thus important for proper traffic load balancing when L4 data is unavailable (i.e., when packets are encapsulated). Currently, the seg6_do_srh_encap() function extracts the original packet's flow label and set it as the outer IPv6 flow label. There are two issues with this behaviour: a) There is no guarantee that the inner flow label is set by the source. b) If the original packet is not IPv6, the flow label will be set to zero (e.g., IPv4 or L2 encap). This patch adds a function, named seg6_make_flowlabel(), that computes a flow label from a given skb. It supports IPv6, IPv4 and L2 payloads, and leverages the per namespace 'seg6_flowlabel" sysctl value. The currently support behaviours are as follows: -1 set flowlabel to zero. 0 copy flowlabel from Inner paceket in case of Inner IPv6 (Set flowlabel to 0 in case IPv4/L2) 1 Compute the flowlabel using seg6_make_flowlabel() This patch has been tested for IPv6, IPv4, and L2 traffic. Signed-off-by: Ahmed Abdelsalam --- include/net/netns/ipv6.h | 1 + net/ipv6/seg6_iptunnel.c | 24 ++++++++++++++++++++++-- net/ipv6/sysctl_net_ipv6.c | 8 ++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index 97b3a54..c978a31 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h @@ -43,6 +43,7 @@ struct netns_sysctl_ipv6 { int max_hbh_opts_cnt; int max_dst_opts_len; int max_hbh_opts_len; + int seg6_flowlabel; }; struct netns_ipv6 { diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c index 5fe1394..9898926 100644 --- a/net/ipv6/seg6_iptunnel.c +++ b/net/ipv6/seg6_iptunnel.c @@ -91,6 +91,24 @@ static void set_tun_src(struct net *net, struct net_device *dev, rcu_read_unlock(); } +/* Compute flowlabel for outer IPv6 header */ +static __be32 seg6_make_flowlabel(struct net *net, struct sk_buff *skb, + struct ipv6hdr *inner_hdr) +{ + int do_flowlabel = net->ipv6.sysctl.seg6_flowlabel; + __be32 flowlabel = 0; + u32 hash; + + if (do_flowlabel > 0) { + hash = skb_get_hash(skb); + rol32(hash, 16); + flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK; + } else if (!do_flowlabel && skb->protocol == htons(ETH_P_IPV6)) { + flowlabel = ip6_flowlabel(inner_hdr); + } + return flowlabel; +} + /* encapsulate an IPv6 packet within an outer IPv6 header with a given SRH */ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) { @@ -99,6 +117,7 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) struct ipv6hdr *hdr, *inner_hdr; struct ipv6_sr_hdr *isrh; int hdrlen, tot_len, err; + __be32 flowlabel; hdrlen = (osrh->hdrlen + 1) << 3; tot_len = hdrlen + sizeof(*hdr); @@ -119,12 +138,13 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) * decapsulation will overwrite inner hlim with outer hlim */ + flowlabel = seg6_make_flowlabel(net, skb, inner_hdr); if (skb->protocol == htons(ETH_P_IPV6)) { ip6_flow_hdr(hdr, ip6_tclass(ip6_flowinfo(inner_hdr)), - ip6_flowlabel(inner_hdr)); + flowlabel); hdr->hop_limit = inner_hdr->hop_limit; } else { - ip6_flow_hdr(hdr, 0, 0); + ip6_flow_hdr(hdr, 0, flowlabel); hdr->hop_limit = ip6_dst_hoplimit(skb_dst(skb)); } diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 6fbdef6..e15cd37 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c @@ -152,6 +152,13 @@ static struct ctl_table ipv6_table_template[] = { .extra1 = &zero, .extra2 = &one, }, + { + .procname = "seg6_flowlabel", + .data = &init_net.ipv6.sysctl.seg6_flowlabel, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec + }, { } }; @@ -217,6 +224,7 @@ static int __net_init ipv6_sysctl_net_init(struct net *net) ipv6_table[12].data = &net->ipv6.sysctl.max_dst_opts_len; ipv6_table[13].data = &net->ipv6.sysctl.max_hbh_opts_len; ipv6_table[14].data = &net->ipv6.sysctl.multipath_hash_policy, + ipv6_table[15].data = &net->ipv6.sysctl.seg6_flowlabel; ipv6_route_table = ipv6_route_sysctl_init(net); if (!ipv6_route_table) -- 2.1.4