Date: Tue, 12 Nov 2019 16:00:47 +0100
From: Simon Horman
To: Matteo Croce
Cc: netdev@vger.kernel.org, dev@openvswitch.org, linux-kernel@vger.kernel.org,
 Pravin B Shelar, "David S. Miller", Bindiya Kurle
Subject: Re: [PATCH net-next] openvswitch: add TTL decrement action
Message-ID: <20191112150046.2aehmeoq7ri6duwo@netronome.com>
References: <20191112102518.4406-1-mcroce@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20191112102518.4406-1-mcroce@redhat.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 12, 2019 at 11:25:18AM +0100, Matteo Croce wrote:
> New action to decrement TTL instead of setting it to a fixed value.
> This action will decrement the TTL and, in case of expired TTL, send the
> packet to userspace via output_userspace() to take care of it.
>
> Supports both IPv4 and IPv6 via the ttl and hop_limit fields, respectively.
>
> Tested with a corresponding change in the userspace:
>
>     # ovs-dpctl dump-flows
>     in_port(2),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl,1
>     in_port(1),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl,2
>     in_port(1),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:2
>     in_port(2),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:1
>
>     # ping -c1 192.168.0.2 -t 42
>     IP (tos 0x0, ttl 41, id 61647, offset 0, flags [DF], proto ICMP (1), length 84)
>         192.168.0.1 > 192.168.0.2: ICMP echo request, id 386, seq 1, length 64
>     # ping -c1 192.168.0.2 -t 120
>     IP (tos 0x0, ttl 119, id 62070, offset 0, flags [DF], proto ICMP (1), length 84)
>         192.168.0.1 > 192.168.0.2: ICMP echo request, id 388, seq 1, length 64
>     # ping -c1 192.168.0.2 -t 1
>     #
>
> Co-authored-by: Bindiya Kurle
> Signed-off-by: Bindiya Kurle
> Signed-off-by: Matteo Croce Usually OVS achieves this behaviour by matching on the TTL and setting it to the desired value, pre-calculated as TTL -1. With that in mind could you explain the motivation for this change? > --- > include/uapi/linux/openvswitch.h | 2 ++ > net/openvswitch/actions.c | 46 ++++++++++++++++++++++++++++++++ > net/openvswitch/flow_netlink.c | 6 +++++ > 3 files changed, 54 insertions(+) > > diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h > index 1887a451c388..a3bdb1ecd1e7 100644 > --- a/include/uapi/linux/openvswitch.h > +++ b/include/uapi/linux/openvswitch.h > @@ -890,6 +890,7 @@ struct check_pkt_len_arg { > * @OVS_ACTION_ATTR_CHECK_PKT_LEN: Check the packet length and execute a set > * of actions if greater than the specified packet length, else execute > * another set of actions. > + * @OVS_ACTION_ATTR_DEC_TTL: Decrement the IP TTL. > * > * Only a single header can be set with a single %OVS_ACTION_ATTR_SET. Not all > * fields within a header are modifiable, e.g. the IPv4 protocol and fragment > @@ -925,6 +926,7 @@ enum ovs_action_attr { > OVS_ACTION_ATTR_METER, /* u32 meter ID. */ > OVS_ACTION_ATTR_CLONE, /* Nested OVS_CLONE_ATTR_*. */ > OVS_ACTION_ATTR_CHECK_PKT_LEN, /* Nested OVS_CHECK_PKT_LEN_ATTR_*. */ > + OVS_ACTION_ATTR_DEC_TTL, /* Decrement ttl action */ > > __OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted > * from userspace. */ > diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c > index 12936c151cc0..077b7f309c93 100644 > --- a/net/openvswitch/actions.c > +++ b/net/openvswitch/actions.c 
> @@ -1174,6 +1174,43 @@ static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb, > nla_len(actions), last, clone_flow_key); > } > > +static int execute_dec_ttl(struct sk_buff *skb, struct sw_flow_key *key) > +{ > + int err; > + > + if (skb->protocol == htons(ETH_P_IPV6)) { > + struct ipv6hdr *nh = ipv6_hdr(skb); > + > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > + sizeof(*nh)); > + if (unlikely(err)) > + return err; > + > + if (nh->hop_limit <= 1) > + return -EHOSTUNREACH; > + > + key->ip.ttl = --nh->hop_limit; > + } else { > + struct iphdr *nh = ip_hdr(skb); > + u8 old_ttl; > + > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > + sizeof(*nh)); > + if (unlikely(err)) > + return err; > + > + if (nh->ttl <= 1) > + return -EHOSTUNREACH; > + > + old_ttl = nh->ttl--; > + csum_replace2(&nh->check, htons(old_ttl << 8), > + htons(nh->ttl << 8)); > + key->ip.ttl = nh->ttl; > + } The above may send packets with TTL = 0, is that desired? > + > + return 0; > +} > + > /* Execute a list of actions against 'skb'. */ > static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, > struct sw_flow_key *key, > @@ -1345,6 +1382,15 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, > > break; > } > + > + case OVS_ACTION_ATTR_DEC_TTL: > + err = execute_dec_ttl(skb, key); > + if (err == -EHOSTUNREACH) { > + output_userspace(dp, skb, key, a, attr, > + len, OVS_CB(skb)->cutlen); > + OVS_CB(skb)->cutlen = 0; > + } > + break; > } > > if (unlikely(err)) { > diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c > index 65c2e3458ff5..d17f2d4b420f 100644 > --- a/net/openvswitch/flow_netlink.c > +++ b/net/openvswitch/flow_netlink.c > @@ -79,6 +79,7 @@ static bool actions_may_change_flow(const struct nlattr *actions) > case OVS_ACTION_ATTR_SET_MASKED: > case OVS_ACTION_ATTR_METER: > case OVS_ACTION_ATTR_CHECK_PKT_LEN: > + case OVS_ACTION_ATTR_DEC_TTL: > default: > return true; > } 
> @@ -3005,6 +3006,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, > [OVS_ACTION_ATTR_METER] = sizeof(u32), > [OVS_ACTION_ATTR_CLONE] = (u32)-1, > [OVS_ACTION_ATTR_CHECK_PKT_LEN] = (u32)-1, > + [OVS_ACTION_ATTR_DEC_TTL] = 0, > }; > const struct ovs_action_push_vlan *vlan; > int type = nla_type(a); > @@ -3233,6 +3235,10 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, > break; > } > > + case OVS_ACTION_ATTR_DEC_TTL: > + /* Nothing to do. */ > + break; > + > default: > OVS_NLERR(log, "Unknown Action type %d", type); > return -EINVAL; > -- > 2.23.0 >
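
Review bot: In the include/uapi/linux/openvswitch.h hunks, the kernel-doc line `@OVS_ACTION_ATTR_DEC_TTL: Decrement the IP TTL.` and the enum comment `/* Decrement ttl action */` leave out two things a userspace implementer needs from the ABI header: that the action also applies to the IPv6 hop limit, and that a packet whose TTL is 1 or lower is not forwarded but handed to userspace. Suggest stating both in the kernel-doc entry.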
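
Review bot: In execute_dec_ttl() (net/openvswitch/actions.c), both branches load `nh` with `ipv6_hdr(skb)` / `ip_hdr(skb)` before calling skb_ensure_writable() and then read and write through it afterwards. skb_ensure_writable() can reallocate the header area when the skb is cloned, which would leave `nh` pointing at the old buffer; take the header pointer only after the call has succeeded. Separately, the `else` branch runs for every packet that is not ETH_P_IPV6, so a non-IP frame reaching this action would have the byte at the IPv4 TTL offset decremented and the checksum field adjusted; test for htons(ETH_P_IP) explicitly and return an error for anything else.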
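
Review bot: In the `case OVS_ACTION_ATTR_DEC_TTL:` block added to do_execute_actions(), the return value of output_userspace() is dropped and `err` stays at -EHOSTUNREACH, so the `if (unlikely(err))` path right after the switch still runs for every expired packet. If that is the intended way to stop processing, say so in a comment; if not, assign the result of output_userspace() to `err`. Also, the `a` passed as the attribute is the DEC_TTL attribute itself, which the length table in flow_netlink.c declares with a payload length of 0, so output_userspace() receives an attribute with no nested userspace parameters; please explain in the commit message how the upcall is expected to be delivered.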
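
Review bot: In the last hunk of net/openvswitch/flow_netlink.c, the new case in __ovs_nla_copy_actions() accepts OVS_ACTION_ATTR_DEC_TTL unconditionally (`/* Nothing to do. */`), so a flow that matches neither IPv4 nor IPv6 can still install the action, and execute_dec_ttl() will then treat its packets as IPv4. Reject the action here with -EINVAL unless the flow's Ethernet type is IPv4 or IPv6; validating once at flow install time is safer than relying on a per-packet check.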