In-Reply-To: <20191112102518.4406-1-mcroce@redhat.com>
From: Pravin Shelar
Date: Tue, 12 Nov 2019 20:54:43 -0800
Subject: Re: [PATCH net-next] openvswitch: add TTL decrement action
To: Matteo Croce
Cc: Linux Kernel Network Developers, ovs dev, linux-kernel@vger.kernel.org, "David S. Miller", Bindiya Kurle
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 12, 2019 at 2:25 AM Matteo Croce wrote:
>
> New action to decrement TTL instead of setting it to a fixed value.
> This action will decrement the TTL and, in case of expired TTL, send the
> packet to userspace via output_userspace() to take care of it.
>
> Supports both IPv4 and IPv6 via the ttl and hop_limit fields, respectively.
>
> Tested with a corresponding change in the userspace:
>
> # ovs-dpctl dump-flows
> in_port(2),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl,1
> in_port(1),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl,2
> in_port(1),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:2
> in_port(2),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:1
>
> # ping -c1 192.168.0.2 -t 42
> IP (tos 0x0, ttl 41, id 61647, offset 0, flags [DF], proto ICMP (1), length 84)
> 192.168.0.1 > 192.168.0.2: ICMP echo request, id 386, seq 1, length 64
> # ping -c1 192.168.0.2 -t 120
> IP (tos 0x0, ttl 119, id 62070, offset 0, flags [DF], proto ICMP (1), length 84)
> 192.168.0.1 > 192.168.0.2: ICMP echo request, id 388, seq 1, length 64
> # ping -c1 192.168.0.2 -t 1
> #
>
> Co-authored-by: Bindiya Kurle
> Signed-off-by: Bindiya Kurle
> Signed-off-by: Matteo Croce
> ---
> include/uapi/linux/openvswitch.h | 2 ++
> net/openvswitch/actions.c | 46 ++++++++++++++++++++++++++++++++
> net/openvswitch/flow_netlink.c | 6 +++++
> 3 files changed, 54 insertions(+)
> > diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h > index 1887a451c388..a3bdb1ecd1e7 100644 > --- a/include/uapi/linux/openvswitch.h > +++ b/include/uapi/linux/openvswitch.h > @@ -890,6 +890,7 @@ struct check_pkt_len_arg { > * @OVS_ACTION_ATTR_CHECK_PKT_LEN: Check the packet length and execute a set > * of actions if greater than the specified packet length, else execute > * another set of actions. > + * @OVS_ACTION_ATTR_DEC_TTL: Decrement the IP TTL. > * > * Only a single header can be set with a single %OVS_ACTION_ATTR_SET. Not all > * fields within a header are modifiable, e.g. the IPv4 protocol and fragment > @@ -925,6 +926,7 @@ enum ovs_action_attr { > OVS_ACTION_ATTR_METER, /* u32 meter ID. */ > OVS_ACTION_ATTR_CLONE, /* Nested OVS_CLONE_ATTR_*. */ > OVS_ACTION_ATTR_CHECK_PKT_LEN, /* Nested OVS_CHECK_PKT_LEN_ATTR_*. */ > + OVS_ACTION_ATTR_DEC_TTL, /* Decrement ttl action */ > > __OVS_ACTION_ATTR_MAX, /* Nothing past this will be accepted > * from userspace. */ > diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c > index 12936c151cc0..077b7f309c93 100644 > --- a/net/openvswitch/actions.c > +++ b/net/openvswitch/actions.c 
> @@ -1174,6 +1174,43 @@ static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb, > nla_len(actions), last, clone_flow_key); > } > > +static int execute_dec_ttl(struct sk_buff *skb, struct sw_flow_key *key) > +{ > + int err; > + > + if (skb->protocol == htons(ETH_P_IPV6)) { > + struct ipv6hdr *nh = ipv6_hdr(skb); > + > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > + sizeof(*nh)); > + if (unlikely(err)) > + return err; > + > + if (nh->hop_limit <= 1) > + return -EHOSTUNREACH; > + > + key->ip.ttl = --nh->hop_limit; > + } else { > + struct iphdr *nh = ip_hdr(skb); > + u8 old_ttl; > + > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > + sizeof(*nh)); > + if (unlikely(err)) > + return err; > + > + if (nh->ttl <= 1) > + return -EHOSTUNREACH; > + > + old_ttl = nh->ttl--; > + csum_replace2(&nh->check, htons(old_ttl << 8), > + htons(nh->ttl << 8)); > + key->ip.ttl = nh->ttl; > + } > + > + return 0; > +} > + > /* Execute a list of actions against 'skb'. */ > static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, > struct sw_flow_key *key, > @@ -1345,6 +1382,15 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb, > > break; > } > + > + case OVS_ACTION_ATTR_DEC_TTL: > + err = execute_dec_ttl(skb, key); > + if (err == -EHOSTUNREACH) { > + output_userspace(dp, skb, key, a, attr, > + len, OVS_CB(skb)->cutlen); > + OVS_CB(skb)->cutlen = 0; > + } This needs to be programmable rather than fixed action. Can you add nested actions list as argument to execute in case of this exception. This way we can implement rate limiting or port redirections for handling such packet.
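
Review bot: the kernel-doc line added in include/uapi/linux/openvswitch.h (hunk @@ -890), "Decrement the IP TTL.", leaves out the two behaviours the commit message relies on: that the action also decrements the IPv6 hop limit, and that a packet whose TTL or hop limit is already 1 or less is not forwarded but handed to userspace. Since this header is the contract userspace programs against, both should be stated here.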
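
Review bot: the enum comment on OVS_ACTION_ATTR_DEC_TTL (include/uapi/linux/openvswitch.h, hunk @@ -925) does not say what payload the attribute carries, while the neighbouring entries do ("u32 meter ID.", "Nested OVS_CLONE_ATTR_*."). Say explicitly that it takes no argument, or describe the nested payload if the action gains one, so that the expected attribute length is unambiguous to whoever writes the validation.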
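
Review bot: in execute_dec_ttl() (net/openvswitch/actions.c, hunk @@ -1174) both branches load `nh` from ipv6_hdr(skb) / ip_hdr(skb) before calling skb_ensure_writable(), which may reallocate the packet head, so the later reads and writes through `nh` can touch a stale buffer. Assign `nh` only after skb_ensure_writable() has returned 0. Separately, the `else` branch treats every non-IPv6 packet as IPv4; unless the flow_netlink.c validation (not shown in this mail) restricts the action to the two IP ethertypes, an explicit `skb->protocol == htons(ETH_P_IP)` check would keep a non-IP frame from having the byte at the TTL offset and the checksum field rewritten.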