net/sched: act_mirred: Implement ingress actions
authorShmulik Ladkani <shmulik.ladkani@gmail.com>
Thu, 13 Oct 2016 06:06:44 +0000 (09:06 +0300)
committerDavid S. Miller <davem@davemloft.net>
Fri, 14 Oct 2016 14:23:07 +0000 (10:23 -0400)
Up until now, 'action mirred' supported only egress actions (either
TCA_EGRESS_REDIR or TCA_EGRESS_MIRROR).

This patch implements the corresponding ingress actions
TCA_INGRESS_REDIR and TCA_INGRESS_MIRROR.

This allows attaching filters whose target is to hand matching skbs into
the rx processing of a specified device.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Tested-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/act_mirred.c

index 69dcce8c7532e0a7b48b836991aa0417e5d9ff3a..2d93be6717e583042e9b0de50d82ea83568b81f3 100644 (file)
 static LIST_HEAD(mirred_list);
 static DEFINE_SPINLOCK(mirred_list_lock);
 
+static bool tcf_mirred_is_act_redirect(int action)
+{
+       return action == TCA_EGRESS_REDIR || action == TCA_INGRESS_REDIR;
+}
+
+static u32 tcf_mirred_act_direction(int action)
+{
+       switch (action) {
+       case TCA_EGRESS_REDIR:
+       case TCA_EGRESS_MIRROR:
+               return AT_EGRESS;
+       case TCA_INGRESS_REDIR:
+       case TCA_INGRESS_MIRROR:
+               return AT_INGRESS;
+       default:
+               BUG();
+       }
+}
+
 static void tcf_mirred_release(struct tc_action *a, int bind)
 {
        struct tcf_mirred *m = to_mirred(a);
@@ -97,6 +116,8 @@ static int tcf_mirred_init(struct net *net, struct nlattr *nla,
        switch (parm->eaction) {
        case TCA_EGRESS_MIRROR:
        case TCA_EGRESS_REDIR:
+       case TCA_INGRESS_REDIR:
+       case TCA_INGRESS_MIRROR:
                break;
        default:
                if (exists)
@@ -156,15 +177,20 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a,
                      struct tcf_result *res)
 {
        struct tcf_mirred *m = to_mirred(a);
+       bool m_mac_header_xmit;
        struct net_device *dev;
        struct sk_buff *skb2;
-       int retval, err;
+       int retval, err = 0;
+       int m_eaction;
+       int mac_len;
        u32 at;
 
        tcf_lastuse_update(&m->tcf_tm);
        bstats_cpu_update(this_cpu_ptr(m->common.cpu_bstats), skb);
 
        rcu_read_lock();
+       m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit);
+       m_eaction = READ_ONCE(m->tcfm_eaction);
        retval = READ_ONCE(m->tcf_action);
        dev = rcu_dereference(m->tcfm_dev);
        if (unlikely(!dev)) {
@@ -183,23 +209,36 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a,
        if (!skb2)
                goto out;
 
-       if (!(at & AT_EGRESS)) {
-               if (m->tcfm_mac_header_xmit)
+       /* If action's target direction differs than filter's direction,
+        * and devices expect a mac header on xmit, then mac push/pull is
+        * needed.
+        */
+       if (at != tcf_mirred_act_direction(m_eaction) && m_mac_header_xmit) {
+               if (at & AT_EGRESS) {
+                       /* caught at egress, act ingress: pull mac */
+                       mac_len = skb_network_header(skb) - skb_mac_header(skb);
+                       skb_pull_rcsum(skb2, mac_len);
+               } else {
+                       /* caught at ingress, act egress: push mac */
                        skb_push_rcsum(skb2, skb->mac_len);
+               }
        }
 
        /* mirror is always swallowed */
-       if (m->tcfm_eaction != TCA_EGRESS_MIRROR)
+       if (tcf_mirred_is_act_redirect(m_eaction))
                skb2->tc_verd = SET_TC_FROM(skb2->tc_verd, at);
 
        skb2->skb_iif = skb->dev->ifindex;
        skb2->dev = dev;
-       err = dev_queue_xmit(skb2);
+       if (tcf_mirred_act_direction(m_eaction) & AT_EGRESS)
+               err = dev_queue_xmit(skb2);
+       else
+               err = netif_receive_skb(skb2);
 
        if (err) {
 out:
                qstats_overlimit_inc(this_cpu_ptr(m->common.cpu_qstats));
-               if (m->tcfm_eaction != TCA_EGRESS_MIRROR)
+               if (tcf_mirred_is_act_redirect(m_eaction))
                        retval = TC_ACT_SHOT;
        }
        rcu_read_unlock();