From patchwork Sun Jul 8 20:04:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Machata X-Patchwork-Id: 10513281 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E63776032C for ; Sun, 8 Jul 2018 20:05:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BB586289C0 for ; Sun, 8 Jul 2018 20:05:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 97A71289D4; Sun, 8 Jul 2018 20:05:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, MAILING_LIST_MULTI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8ECE1289C0 for ; Sun, 8 Jul 2018 20:05:16 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41Nzw95PsyzDqyp for ; Mon, 9 Jul 2018 06:05:13 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=mellanox.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=Mellanox.com header.i=@Mellanox.com header.b="RnDyXMWz"; dkim-atps=neutral X-Original-To: linux-mlxsw@lists.ozlabs.org Delivered-To: linux-mlxsw@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=mellanox.com (client-ip=40.107.2.81; helo=eur02-ve1-obe.outbound.protection.outlook.com; envelope-from=petrm@mellanox.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=mellanox.com Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=Mellanox.com header.i=@Mellanox.com header.b="RnDyXMWz"; dkim-atps=neutral Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20081.outbound.protection.outlook.com [40.107.2.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41Nzw4724HzDqyp for ; Mon, 9 Jul 2018 06:05:08 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fEc8rQUFS2BE3ZwxD4MWtX4v2Qfxbh1fJt2Fx525WdY=; b=RnDyXMWztphF5Vc7LexZGpLQR8C73o0X7CSzVQ7odvPsV6wrCA82AFtgD+SI6Zz5DFLBNxSGqUp/DVvZMpsdkOWGG+HQOIO5Fs8g4rK9gDwuotXhRQLps+9iuV8/s2k3izQNzn7zm0yLpTfRBBw+eSIrsR+T7OBaaPRnQ1fd5rU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=petrm@mellanox.com; Received: from t540p (78.45.160.211) by AM0PR05MB4178.eurprd05.prod.outlook.com (2603:10a6:208:57::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.930.18; Sun, 8 Jul 2018 20:05:00 +0000 From: Petr Machata To: Subject: [PATCH RFC net-next] net: ipv4: Control SKB reprioritization after forwarding Message-Id: <7f3e78990fbbae15da1b1269eeb8ca081ee72b4b.1531080102.git.petrm@mellanox.com> Date: Sun, 08 Jul 2018 22:04:55 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 X-Originating-IP: [78.45.160.211] X-ClientProxiedBy: AM5PR0602CA0003.eurprd06.prod.outlook.com (2603:10a6:203:a3::13) To AM0PR05MB4178.eurprd05.prod.outlook.com (2603:10a6:208:57::27) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 744a3126-f4a4-420a-f589-08d5e50e1680 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:AM0PR05MB4178; X-Microsoft-Exchange-Diagnostics: 1; AM0PR05MB4178; 3:iwZpHiorJIhMc5izlu1cKOoQWfGPiVSeJ2s8BlFNX9D4zmcyBSoiGS/taVIq+DrccwmgGWGx+ZCRPjUxjRIGnnNXDERwmw81HE3ysteQIMwNYWWtZeaOwUqWxuHuzjm+7Quhwf4myJa/tn1GWTOTN4bT4GNeUCJIQpbXVSvb6E1tMpLIT0FWq+BpDjqP5co/fOzaHnOZbCAWM3YGDBs4UzSjWp6C5wmoZrkL5qXI6/pzNNZOlmVBy4LT6YDvr4zq; 25:aCR63f4ND+z3Aahj+TKa1iPYCM/Xvt11D8IwvmC9aoZRd3yBqbF4OlisAvYNDdotCL+tuR0I8d0XUigr8n3AExOA8fLu1YnJ+ujkPJAH4WtYADsBBVMKsOXl5SKE6P4fpqeZgOXLQohT2nuLH4naMUjbno81p3necCauNUxnC/3LPJeXg9GUKtLtdcoQX5yOiLLEjObFpAKOc++8Zi617JK/6nlZUfuQoAcOzxykaxbi5iihZ3X5TxayQf/vltyJ+FTYNsmHZiSfaDzau9a8L4ZIFF7jIqeLi3Wuftr20kx+yF/kaxmpzyIqfc3xCDsi/gIDc8aZa8I5hBbO/8q4kw==; 31:PEE9efONE3ioMbpL1XexlyA/EpjPB3buTENp9Ht6QAx/5azzf3KMeSRGlTBUqLQEbZ+br8KbVdlNlYTy9+S41+KrXD3+yZHSrEqC16h/hLa7BvrjHP9p6Wxvn0yraYSsOPnsvubsrMLtK2YMlQw++2KG9Ady9PesoYHhhDCkzbXbGwsiF1JbnleQVUDcqB11+lgT5r7uQWOkFyh7Bx1clxhbZSuGVESgXAbNzfHqxCs= X-MS-TrafficTypeDiagnostic: AM0PR05MB4178: X-Microsoft-Exchange-Diagnostics: 1; AM0PR05MB4178; 20:okoFPIH9rSSeMvA3o2WEA5AEdZiP6aDnxs4gIA9R7vGjMUNjsBjHrvO+vgJfDB+NRHNZ7jlVjzFqamPlfSuZjSippiQSsFn5N5HxOXc+HSRkqDXCYttmWBpkUmKtdT2pOurKGK1xtjEXBK0SMCfKujAU28krqmeBYZxacTbbdTaVMcFkcK78OSlCCX/sJycL5SmJAXjAXN1SR0xyJgksFtCf0Cae1qbpGpkI1X9owIKOmkn63ipKakWW6yPrB2FSACe+hzbyC7wiPMncBC4J9tXYElVrSeo1rl0bnPBxLuUAwuxkQfgkoJ3tnAGv/tGOZkKpTU0b5KPmgBVtwPGBVJRcCruhvSv1yhPjulEW5cfOdkVI7WYSlNgWRiuP9Zbp+zKCWit4skReCWT9syBGpB1f0iWo/Cp/AxUdExhDBXXZyFfd8axe3iL0lkR6Vbu1Dm4LlL2OWqhvkB65nEe5aLy/hax8K5glLMc98W7iHyXjM2KDhyjP0BdmbxuO2Xaa; 4:ypuHiXRi8zwQ3zr6rSqDzXJS4KgZ0KhS1pck3lFv0F3HixeMjvyzH6OtFs7Bd/Lxbk3RiTuYAwhp0N3wVIX0Y5uynKt425MoK4G3gl0WL8mM9uR5P8laawnRpl2r/bnRnZoTpCPBvuHJB39r/kMnPpbWmzdjNvV07Ev0xzfrM4Kyl0m0Dq+P+AhMW+L6mEDn/2H5KbuHkWuSFFDZVz+yOyXV2DjvLQo9H5gbCmdCY4Bss7M9sx4T7o6s1gX46KJrnj2VPMgvlL52F0VCQWbf2A== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(3231311)(944501410)(52105095)(10201501046)(93006095)(93001095)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011)(7699016); SRVR:AM0PR05MB4178; BCL:0; PCL:0; RULEID:; SRVR:AM0PR05MB4178; X-Forefront-PRVS: 0727122FC6 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(136003)(346002)(39860400002)(366004)(396003)(376002)(199004)(189003)(956004)(48376002)(53936002)(97736004)(36756003)(3846002)(25786009)(66066001)(486006)(2906002)(47776003)(476003)(50466002)(81156014)(68736007)(81166006)(6116002)(478600001)(8676002)(316002)(58126008)(2616005)(37006003)(8936002)(51416003)(6666003)(305945005)(6636002)(105586002)(52116002)(16586007)(2351001)(26005)(5660300001)(118296001)(6486002)(6862004)(186003)(6496006)(86362001)(386003)(14444005)(7736002)(16526019)(106356001)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR05MB4178; H:t540p; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; Received-SPF: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM0PR05MB4178; 23:3SnHB1NEVoVCuwLnilMEjzno2UrN3ILKXT1ZVlCD4?= =?us-ascii?Q?q/yXZkNlSleGEPAh6+420uPjac6LbicFMq38P+qocF1KqmE6H5xQu/HwarOC?= =?us-ascii?Q?JnxH7BjA18lGfMoSdxlTY8oJ4feq1XcNtQAGBj6JsUOjrv1s+EXE0/OkjW3D?= =?us-ascii?Q?Ge0yyLsQUCIDbrfN3/Snyd1T6eq/cDTEjJDDHVnb8eJXR/jfwczSCdgsKmFz?= =?us-ascii?Q?p1oMg4iyBYxzaw9zEgDjpTgIspJSlulY3uf0FIsvrXWlmixT8/QN2grjs5Cq?= =?us-ascii?Q?mYmOLBviMqb/q+8iH2CNg2WmWlJOe6+PVvgEfXLx1vdzj1SbDsrgl6F3Dbb1?= =?us-ascii?Q?BDKGBY5xt/lT/jjB5iwKpt2RK6piPvrdLi+ibFKJE9x7rIDqJCrqxeLCh0Ax?= =?us-ascii?Q?bmBNlMbupwgddLBCaeLRN9Hm0CLKWF04nS/nQz7MX7cKjCp8kx1IVq8nnl42?= =?us-ascii?Q?0v5zrdFseZPvoI79wjzTXuCb7zPRBGY+e5SAwxUBgWu69om4hWp4p0kzRSdN?= =?us-ascii?Q?vLIX3nDQlHFGGCUx6PSmc40evMicR2SK1i4xnAAVaiPfSFPB6Se8mqMjkt98?= =?us-ascii?Q?LLOLM6VQAgXqBOS/A2qM7yaJHoLA35rmnLD7TTWJ1EUPQY14Vqbb7Y60tWNz?= =?us-ascii?Q?McqZ4klxVzGAY0Q7RuRRAYR6RW4e8LMm0TqBgwKU+RZiwJXni7SrhmF9Xhl6?= =?us-ascii?Q?HRMrZaLfeFxCJQDG71zdqNdT9yFpxgGjCcwZrmc3XsPnm4Yav3f3UPzc2sOG?= =?us-ascii?Q?pCEenTBVnPn+CHJJSO4amSBFEZ1F86cLfDsGLewNqYsuQBIIOv2T83Vy/pzo?= =?us-ascii?Q?h5XoCk28+rwh7BZAay22KgWkkFOpFaYEYm9AzLRK6aPhWbU6djEtxhrpxMej?= =?us-ascii?Q?IUClVrMEHzZZoTW7D3Gh5ZrqQVym4LwaMJW6ELqeBMYk9A3nPOaJgrgdwu7J?= =?us-ascii?Q?Q18kIf+9vCIeTJXH4wkq0chTu8JJfNIetegSwf/lbSj2qZXhnsOYnJ4a2y/J?= =?us-ascii?Q?FBh/0FBoIN/ku0AcObIid12RTIoQdbSucXX7dR+YPlzCFlAEYvnDCa6WCSLU?= =?us-ascii?Q?qdaGJnX0AlRLre7zbmWFMVtc1vnhyt6ZPrKJFIRv6G9UpXt+hC452WKF0ZBi?= =?us-ascii?Q?epbxjNjGvaB8PxdCeGW+uI6CxbFZN/YkPm6D1WOKcK7Q1W63ExRikn3hXlFS?= =?us-ascii?Q?qt1vjfsg4PWBZg=3D?= X-Microsoft-Antispam-Message-Info: qD+OapbHpo5xNDtH/FP2q7kCrDntAs7YOP4l7fiFBqXLh/olCcZWHXXDIdIybIJF49ZRQx2akS9kmRnqVSElT7WmC+cZGBx/F1MWxnTv4Hiq+mlXRE4vucxtvwMmKrYRdQpqftQdVun/lp1LezyC35PpDYldEOdiykTKQmUrlzmzdLKcjXN9cAXDrMR/+B+QCDFGuc2pBUSMkTOTruBBDgxKHYpl4iQWqDj+Nie+BNayXvoDxaegSL9/09nXWan+M7nKXW4acz0qa29fqG0y3QRAjKi9dFsiuTE1p3xBC+XF08fTzNgD3g+yw2powMYroOSIq9BTfsAPDgGN7fUg7FQglFn9cYhXVEbo7dYWrRc= X-Microsoft-Exchange-Diagnostics: 1; AM0PR05MB4178; 6:/q5/x4aCeZ01Ccsiy7z8pjK+B0hcrGYxtpyKO+f0D/MpmaBp9MInDHT9B+BDrBe04Wb6xkzWtDQPeT8HlutIC+vGNIuD1hEKqT7ac4Gbofl5mo5TLDTrCBOS00ZELez2yFpEy+eqhx3hHCLnyoSZP6+hONLVYQM7/r+XYVlkcsypUl54SbpDjqvegKuNyKisiTXdJ6M55iYE2lRNhFvOsdlSADibst4um4GZVWT5kbxSBP/+ews2+oo9/KJGeesOr5/ClZLeHGE1195YIqfwXUlWk/fS5DCf/mLl/903Je7gR1rwgat74NKHUZAWjsQCnylZ0uj9YjDAHd28c6mAFh8caLqnJ7+9zoOdp8Dd7qGW5Fre5AVAKJq/LaTazMsL7sc47Ni+Cxv7NSKaOEgZw6TlWdB8vlfyBQ187o9oZOyFTprVh97Iv84MdsuzuEudQp2LL0UOfwJg+pudP2lcZg==; 5:wlcBaoKbHGKel1gVzA3TlbKLMYIRABw6/DkVetVk0j/tuNn5uGOco95wt9ESIvgp+GISTPpHldqfJs2LHGf0K5IOjfrrKTjI507IZpO0Iq+l9Ii0C+A0GHHtxCtZ/kF3kdyoS3Zu92btPRx1I3x7SfzacFClxULg3Wr+03dGSq4=; 24:lOwluQ3XG2Wf6sYxlkddbnfO+4PXR4bH29sohbqxh/kIwweI6Lg+Y9ZS4IA1wqQVlGsnQ7C5eq86DONB10wAi9oxaodAJ4CCR0kO1/Ua0YY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; AM0PR05MB4178; 7:08cuOpMgkBPfFLf9Uw83xmPbcqZPUx21NZQy87aVa1dyreQaQN/Ui0JaYs5RUc0i3jXgvgbNmoC4pF1Nt0S2lWHAVP/w2PR3Si+RDH9aNp2doCJkQy5iQwSkwXLr/RRBPATa6EQYJVdm2PD6yNh1JfYE3a1VYYfGT3jBR5fJoXUTGdcHJWm6T8FwYGOggYU8Yv28/VmDoys/9fWUHBmwiDAngn6/SvXUA44CIB26fAOmSqozkTcuDsPmcg35Uzle X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2018 20:05:00.9674 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 744a3126-f4a4-420a-f589-08d5e50e1680 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR05MB4178 X-BeenThere: linux-mlxsw@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: mlxsw driver development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-mlxsw-bounces+patchwork-linux-mlxsw=patchwork.kernel.org@lists.ozlabs.org X-Virus-Scanned: ClamAV using ClamSMTP After IPv4 packets are forwarded, the priority of the corresponding SKB is updated according to the TOS field of IPv4 header. This overrides any prioritization done earlier by e.g. an skbedit action or ingress-qos-map defined at a vlan device. Such overriding may not always be desirable. Even if the packet ends up being routed, which implies this is an L3 network node, an administrator may wish to preserve whatever prioritization was done earlier on in the pipeline. Therefore introduce a sysctl that controls this behavior. Keep the default value at 1 to maintain backward-compatible behavior. Signed-off-by: Petr Machata --- Notes: I want to get upstream feedback on this, so I'll send it upstream as an RFC, before adding events and mlxsw handling etc. Any comments here, before I send it? Documentation/networking/ip-sysctl.txt | 9 +++++++++ include/net/netns/ipv4.h | 1 + net/ipv4/af_inet.c | 1 + net/ipv4/ip_forward.c | 3 ++- net/ipv4/sysctl_net_ipv4.c | 9 +++++++++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index f4c042be0216..d1fdd2c3e060 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt @@ -81,6 +81,15 @@ fib_multipath_hash_policy - INTEGER 0 - Layer 3 1 - Layer 4 +fib_update_priority - INTEGER + Whether to update SKB priority from "TOS" field in IPv4 header after it + is forwarded. The new SKB priority is mapped from TOS field value + according to an rt_tos2priority table (see e.g. man tc-prio). + Default: 1 (Update priority.) + Possible values: + 0 - Do not update priority. + 1 - Update priority. + route/max_size - INTEGER Maximum number of routes allowed in the kernel. Increase this when using large numbers of interfaces and/or routes. diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index 661348f23ea5..e47503b4e4d1 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -98,6 +98,7 @@ struct netns_ipv4 { int sysctl_ip_default_ttl; int sysctl_ip_no_pmtu_disc; int sysctl_ip_fwd_use_pmtu; + int sysctl_ip_fwd_update_priority; int sysctl_ip_nonlocal_bind; /* Shall we try to damage output packets if routing dev changes? */ int sysctl_ip_dynaddr; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 06b218a2870f..6de1da68ae02 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1801,6 +1801,7 @@ static __net_init int inet_init_net(struct net *net) * We set them here, in case sysctl is not compiled. */ net->ipv4.sysctl_ip_default_ttl = IPDEFTTL; + net->ipv4.sysctl_ip_fwd_update_priority = true; net->ipv4.sysctl_ip_dynaddr = 0; net->ipv4.sysctl_ip_early_demux = 1; net->ipv4.sysctl_udp_early_demux = 1; diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index b54b948b0596..32662e9e5d21 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c @@ -143,7 +143,8 @@ int ip_forward(struct sk_buff *skb) !skb_sec_path(skb)) ip_rt_send_redirect(skb); - skb->priority = rt_tos2priority(iph->tos); + if (net->ipv4.sysctl_ip_fwd_update_priority) + skb->priority = rt_tos2priority(iph->tos); return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, net, NULL, skb, skb->dev, rt->dst.dev, diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index d06247ba08b2..56277539b919 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -655,6 +655,15 @@ static struct ctl_table ipv4_net_table[] = { .proc_handler = proc_dointvec, }, { + .procname = "ip_forward_update_priority", + .data = &init_net.ipv4.sysctl_ip_fwd_update_priority, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &one, + }, + { .procname = "ip_nonlocal_bind", .data = &init_net.ipv4.sysctl_ip_nonlocal_bind, .maxlen = sizeof(int),