mbox series

[net-next,v8,0/5] net/sched: Introduce tc block ports tracking and use

Message ID 20231219181623.3845083-1-victor@mojatatu.com (mailing list archive)
Headers show
Series net/sched: Introduce tc block ports tracking and use | expand

Message

Victor Nogueira Dec. 19, 2023, 6:16 p.m. UTC
__context__
The "tc block" is a collection of netdevs/ports which allow qdiscs to share
match-action block instances (as opposed to the traditional tc filter per
netdev/port)[1].

Up to this point in the implementation, the block is unaware of its ports.
This patch makes the tc block ports available to the datapath.

For the datapath we provide a use case of the tc block in a mirred
action in patch 3. For users can levarage mirred to do something like
the following:

$ tc qdisc add dev ens7 ingress_block 22 clsact
$ tc qdisc add dev ens8 ingress_block 22 clsact
$ tc qdisc add dev ens9 ingress_block 22 clsact
$ tc filter add block 22 protocol ip pref 25 \
  flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22

In this case, if the packet arrives on ens8, it will be copied and sent to
all ports in the block excluding ens8. Note that the packet is still in
the pipeline at this point - meaning other actions could be added after the
mirror because mirred copies/clones the skb. Example the following is
valid:

$ tc filter add block 22 protocol ip pref 25 flower dst_ip 192.168.0.0/16 \
action mirred egress mirror blockid 22 \
action vlan push id 123 \
action mirred egress redirect dev dummy0

redirect behavior always steals the packet from the pipeline and therefore
the skb is no longer available for a subsequent action as illustrated above
(in redirecting to dummy0).

The behavior of redirecting to a tc block is therefore adapted to work in
the same manner. So a setup as such:
$ tc qdisc add dev ens7 ingress_block 22
$ tc qdisc add dev ens8 ingress_block 22
$ tc qdisc add dev ens9 ingress_block 22
$ tc filter add block 22 protocol ip pref 25 \
  flower dst_ip 192.168.0.0/16 action mirred egress redirect blockid 22

for a matching packet arriving on ens7 will first send a copy/clone to ens8
(as in the "mirror" behavior) then to ens9 as in the redirect behavior
above. Once this processing is done - no other actions are able to process
this skb. i.e it is removed from the "pipeline".

In this case, if the packet arrives on ens8, it will be copied and sent to
all ports in the block excluding ens8.

Patch 1 separates/exports mirror and redirect functions from act_mirred
Patch 2 introduces the required infra.
Patch 3 Allows mirred to blocks

Subsequent patches will come with tdc test cases.

__Acknowledgements__
Suggestions from Vlad Buslov and Marcelo Ricardo Leitner made this patchset
better. The idea of integrating the ports into the tc block was suggested
by Jiri Pirko.

[1] See commit ca46abd6f89f ("Merge branch'net-sched-allow-qdiscs-to-share-filter-block-instances'")

Changes in v2:
  - Remove RFC tag
  - Add more details in patch 0(Jiri)
  - When CONFIG_NET_TC_SKB_EXT is selected we have unused qdisc_cb
    Reported-by: kernel test robot <lkp@intel.com> (and
horms@kernel.org)
  - Fix bad dev dereference in printk of blockcast action (Simon)

Changes in v3:
  - Add missing xa_destroy (pointed out by Vlad)
  - Remove bugfix pointed by Vlad (will send in separate patch)
  - Removed ports from subject in patch #2 and typos (suggested by
    Marcelo)
  - Remove net_notice_ratelimited debug messages in error
    cases (suggested by Marcelo)
  - Minor changes to appease sparse's lock context warning

Changes in v4:
  - Avoid code repetition using gotos in cast_one (suggested by Paolo)
  - Fix typo in cover letter (pointed out by Paolo)
  - Create a module description for act_blockcast
    (reported by Paolo and CI)

Changes in v5:
  - Add new patch which separated mirred into mirror and redirect
    functions (suggested by Jiri)
  - Instead of repeating the code to mirror in blockcast use mirror
    exported function by patch1 (tcf_mirror_act)
  - Make Block ID into act_blockcast's parameter passed by user space
    instead of always getting it from SKB (suggested by Jiri)
  - Add tx_type parameter which will specify what transmission behaviour
    we want (as described earlier)

Changes in v6:
  - Remove blockcast and make it a part of mirred (suggestd by Jiri)
  - Block ID is now a mirred parameter
  - We now allow redirecting and mirroring to either ingress or egress

Changes in v7:
  - Remove set but not used variable in tcf_mirred_act (pointed out by
    Jakub)

Changes in v8:
  - Fix uapi issues (pointed out by Jiri)
  - Separate last patch into 3 - two as preparations for adding
    block ID to mirred and one allowing mirred to block (suggested by Jiri)
  - Remove declaration initialisation of eg_block and in_block in
    qdisc_block_add_dev (suggested by Jiri)
  - Avoid unnecessary if guards in qdisc_block_add_dev (suggested by Jiri)
  - Remove unncessary block_index retrieval in __qdisc_destroy
    (suggested by Jiri)

Victor Nogueira (5):
  net/sched: Introduce tc block netdev tracking infra
  net/sched: cls_api: Expose tc block to the datapath
  net/sched: act_mirred: Create function tcf_mirred_to_dev and improve
    readability
  net/sched: act_mirred: Add helper function tcf_mirred_replace_dev
  net/sched: act_mirred: Allow mirred to block

 include/net/sch_generic.h             |   4 +
 include/net/tc_act/tc_mirred.h        |   1 +
 include/uapi/linux/tc_act/tc_mirred.h |   1 +
 net/sched/act_mirred.c                | 263 ++++++++++++++++++++------
 net/sched/cls_api.c                   |   5 +-
 net/sched/sch_api.c                   |  41 ++++
 net/sched/sch_generic.c               |  18 +-
 7 files changed, 268 insertions(+), 65 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org Dec. 26, 2023, 9:30 p.m. UTC | #1
Hello:

This series was applied to netdev/net-next.git (main)
by David S. Miller <davem@davemloft.net>:

On Tue, 19 Dec 2023 15:16:18 -0300 you wrote:
> __context__
> The "tc block" is a collection of netdevs/ports which allow qdiscs to share
> match-action block instances (as opposed to the traditional tc filter per
> netdev/port)[1].
> 
> Up to this point in the implementation, the block is unaware of its ports.
> This patch makes the tc block ports available to the datapath.
> 
> [...]

Here is the summary with links:
  - [net-next,v8,1/5] net/sched: Introduce tc block netdev tracking infra
    https://git.kernel.org/netdev/net-next/c/913b47d3424e
  - [net-next,v8,2/5] net/sched: cls_api: Expose tc block to the datapath
    https://git.kernel.org/netdev/net-next/c/a7042cf8f231
  - [net-next,v8,3/5] net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability
    https://git.kernel.org/netdev/net-next/c/16085e48cb48
  - [net-next,v8,4/5] net/sched: act_mirred: Add helper function tcf_mirred_replace_dev
    https://git.kernel.org/netdev/net-next/c/415e38bf1d8d
  - [net-next,v8,5/5] net/sched: act_mirred: Allow mirred to block
    https://git.kernel.org/netdev/net-next/c/42f39036cda8

You are awesome, thank you!