Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3142021ybl; Fri, 20 Dec 2019 04:38:47 -0800 (PST) X-Google-Smtp-Source: APXvYqxWV7IOkWuKbuuDJwIhonSbXMoHLOTr+2UbyaLa0UAjwhdUCeqL5NLorkaJ4fCeG4KqUy9j X-Received: by 2002:a9d:6f0a:: with SMTP id n10mr15294896otq.54.1576845527873; Fri, 20 Dec 2019 04:38:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576845527; cv=none; d=google.com; s=arc-20160816; b=u42u79EOgv0tVjtQyDCU94t39GHCM/ePo5ONtC55alLLMIcVraJtGtwsuHnfvWObZu Lw9IhJ8qYa/ogILrtg4s618UiAgGDc+NcCcwWPvSXlO1cke+em0cEwAQlrTX//bmdj9n N/4EyGogX/xiPRUxiLJ/dv7ePJf/ENXSB2KhMQak8wOBfHaSM9pr9+4LdVT2agqUx8M5 wvqs6FldlAOQtihHQmM0aaTpvv11DD3ANPxAHN/Ju4JGfwu5r4riBMDBJAKqz/LEAph3 /gq6/O8XfIqJN8nyLSK0aflWN8OEkRAq9bsXN/zJVt8EJ//qndxjxCCAJUHUubZIIPby 3SkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=tej/n4A7UHRnvHhgibQAxYCuLBCu3uUQkoxEy/wczjQ=; b=qTbF9Dqtk5bTYqfw8wwYxFJq4D/S96qRwHAxSKtk+bGfgr+RfDOnRU6F06kFfHZNf8 eDb6mBa1uCrur9A2gqvLxVtxSj0PCbHeUSiGSKT6/N2fCb6Gx1dI7RuBI9iKjNQcvtye JqCipK0R282dlJoNGmIxVUDu5pvdM3LNv/VFsa4f71VwcCuHAYZkHDxGJapeh48i2Cur OoGjXK0I02nduAPrDC4aigXHwWUk8XikSk7WOh9nSEoCZE+JsrgXdto9rwbg05ubFKqK NtFAcPk8M4I9o3Diq8DZU6GfJdKsVFARHwMNXl4lKOsDFOl0T2wz/Cra0+xi0VZnVm2F Gmmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=efTQfkRZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n9si4665078ota.103.2019.12.20.04.38.35; Fri, 20 Dec 2019 04:38:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=efTQfkRZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727382AbfLTMhm (ORCPT + 99 others); Fri, 20 Dec 2019 07:37:42 -0500 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:58158 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727298AbfLTMhk (ORCPT ); Fri, 20 Dec 2019 07:37:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1576845459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tej/n4A7UHRnvHhgibQAxYCuLBCu3uUQkoxEy/wczjQ=; b=efTQfkRZFR9DqOcuPWqdjgjQRzkkHB7odZYBfqtthJF8tT4JajBu5cLVjDGeHLDbSvC8vW ms/EmI39S4h54pkDYO3ou9tR6QgC3VWLrdYmY/9G3eIsgZ7gqNKDaY30TM6xmve1ef+YTJ 7gvgWQychV/wNiEO3ecI6D5AlrxQYx8= Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-356-zWBiBxNiM-2PJbHI_oYDmg-1; Fri, 20 Dec 2019 07:37:37 -0500 X-MC-Unique: zWBiBxNiM-2PJbHI_oYDmg-1 Received: by mail-lj1-f198.google.com with SMTP id z17so2830074ljz.2 for ; Fri, 20 Dec 2019 04:37:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tej/n4A7UHRnvHhgibQAxYCuLBCu3uUQkoxEy/wczjQ=; b=O78RhPKDv8DFs9z/0Xzb5ubzMcJYZMNxT+q3PK1nOrUWmMRyFdto5pccrH8qljJRgl sRXXIqJzsR6/INHR5WMmWNy7apxtT/G7xRSielT5pmTVUH3WO6i1AWGG4+jjYkdyuVz5 FbRWLU+z0QO15w347kYRAtpIeFEF8LDdCAGwYbz9USA3ZLNqCnXl3rO24skgBdZWEkZE lPY0ywLAeixXB5sO5fi9X/daHNG1kokpOz8lE4O2BqonWwSY2WvXzoHmgWb2vs210Oik BZGZY96Ff/ZvmzQ02Lr7wN6ic36BlshbjieF8E0Lc1fPIuDTS+iARCyYDDVrWjMF8Z+M M6Lw== X-Gm-Message-State: APjAAAU17bRVH2CQIPpHrKJTpmcjOcEz0zRDFNlpRSyyi0bhmDhSUxvi O4J4syoZBZk90u65CbjCItHHa3lYsWYUtaJan71mEDGpBJyrmGrFavpgYVJOGcD4D8fAQqClm/T a0MV2CU4KIjU7OO4NSHatiu4GIoIUW6dlQDRjZ0eV X-Received: by 2002:a2e:8651:: with SMTP id i17mr1302211ljj.121.1576845455904; Fri, 20 Dec 2019 04:37:35 -0800 (PST) X-Received: by 2002:a2e:8651:: with SMTP id i17mr1302188ljj.121.1576845455600; Fri, 20 Dec 2019 04:37:35 -0800 (PST) MIME-Version: 1.0 References: <20191217155102.46039-1-mcroce@redhat.com> In-Reply-To: From: Matteo Croce Date: Fri, 20 Dec 2019 13:36:59 +0100 Message-ID: Subject: Re: [PATCH net-next v2] openvswitch: add TTL decrement action To: Nikolay Aleksandrov Cc: netdev , ovs dev , LKML , Pravin B Shelar , "David S. Miller" , Bindiya Kurle , Simon Horman , Ben Pfaff Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 17, 2019 at 5:30 PM Nikolay Aleksandrov wrote: > > On 17/12/2019 17:51, Matteo Croce wrote: > > New action to decrement TTL instead of setting it to a fixed value. > > This action will decrement the TTL and, in case of expired TTL, drop it > > or execute an action passed via a nested attribute. > > The default TTL expired action is to drop the packet. > > > > Supports both IPv4 and IPv6 via the ttl and hop_limit fields, respectively. > > > > Tested with a corresponding change in the userspace: > > > > # ovs-dpctl dump-flows > > in_port(2),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl{ttl<=1 action:(drop)},1,1 > > in_port(1),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl{ttl<=1 action:(drop)},1,2 > > in_port(1),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:2 > > in_port(2),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:1 > > > > # ping -c1 192.168.0.2 -t 42 > > IP (tos 0x0, ttl 41, id 61647, offset 0, flags [DF], proto ICMP (1), length 84) > > 192.168.0.1 > 192.168.0.2: ICMP echo request, id 386, seq 1, length 64 > > # ping -c1 192.168.0.2 -t 120 > > IP (tos 0x0, ttl 119, id 62070, offset 0, flags [DF], proto ICMP (1), length 84) > > 192.168.0.1 > 192.168.0.2: ICMP echo request, id 388, seq 1, length 64 > > # ping -c1 192.168.0.2 -t 1 > > # > > > > Co-authored-by: Bindiya Kurle > > Signed-off-by: Bindiya Kurle > > Signed-off-by: Matteo Croce > > --- > > include/uapi/linux/openvswitch.h | 22 +++++++ > > net/openvswitch/actions.c | 71 +++++++++++++++++++++ > > net/openvswitch/flow_netlink.c | 105 +++++++++++++++++++++++++++++++ > > 3 files changed, 198 insertions(+) > > > > Hi Matteo, > > [snip] > > +} > > + > > /* When 'last' is true, sample() should always consume the 'skb'. > > * Otherwise, sample() should keep 'skb' intact regardless what > > * actions are executed within sample(). > > @@ -1176,6 +1201,44 @@ static int execute_check_pkt_len(struct datapath *dp, struct sk_buff *skb, > > nla_len(actions), last, clone_flow_key); > > } > > > > +static int execute_dec_ttl(struct sk_buff *skb, struct sw_flow_key *key) > > +{ > > + int err; > > + > > + if (skb->protocol == htons(ETH_P_IPV6)) { > > + struct ipv6hdr *nh = ipv6_hdr(skb); > > + > > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > > + sizeof(*nh)); > > skb_ensure_writable() calls pskb_may_pull() which may reallocate so nh might become invalid. > It seems the IPv4 version below is ok as the ptr is reloaded. > Right > One q as I don't know ovs that much - can this action be called only with > skb->protocol == ETH_P_IP/IPV6 ? I.e. Are we sure that if it's not v6, then it must be v4 ? > I'm adding a check in validate_and_copy_dec_ttl() so only ipv4/ipv6 packet will pass. Thanks, -- Matteo Croce per aspera ad upstream