From patchwork Mon May 17 13:20:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eelco Chaudron X-Patchwork-Id: 1479507 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Gzka0u2w; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FkKWf24dSz9sSs for ; Mon, 17 May 2021 23:20:45 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id A3AFA83C9C; Mon, 17 May 2021 13:20:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZX5_9GL3SPW; Mon, 17 May 2021 13:20:42 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTP id 9AB0D83935; Mon, 17 May 2021 13:20:41 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 81B19C000E; Mon, 17 May 2021 13:20:41 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 79E13C0001 for ; Mon, 17 May 2021 13:20:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 5C34683863 for ; Mon, 17 May 2021 13:20:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Da6hh0wOyB-g for ; Mon, 17 May 2021 13:20:34 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 9D10083148 for ; Mon, 17 May 2021 13:20:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1621257633; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ReUpXugYSkF8+BAUwvrT4CG303yiO5gImfkUhJ98uAg=; b=Gzka0u2w9sN3MflznXYQGePm3iIYuG3zbalpimtUhKQmUhEsoBo2qx1o13i2fMMjpkoKBp h5eLZPcFklHBXG/yEZqZr2G/qTnlJ5tHgkYhdsAalIxdyDcjVGKqfvBD8xvYWormLJhhg7 4nB+zZE+1dXKYVr6F5LCJ2Eb4naAC4I= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-42-AEhPgUcROxCLoUuvBmb4ig-1; Mon, 17 May 2021 09:20:31 -0400 X-MC-Unique: AEhPgUcROxCLoUuvBmb4ig-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CA3FE107ACED for ; Mon, 17 May 2021 13:20:30 +0000 (UTC) Received: from wsfd-netdev64.ntdv.lab.eng.bos.redhat.com (wsfd-netdev64.ntdv.lab.eng.bos.redhat.com [10.19.188.127]) by smtp.corp.redhat.com (Postfix) with ESMTP id 881F818965; Mon, 17 May 2021 13:20:30 +0000 (UTC) From: Eelco Chaudron To: dev@openvswitch.org Date: Mon, 17 May 2021 09:20:28 -0400 Message-Id: <162125761321.4661.6113737795293023919.stgit@wsfd-netdev64.ntdv.lab.eng.bos.redhat.com> User-Agent: StGit/0.23 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=echaudro@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: mleitner@redhat.com Subject: [ovs-dev] [PATCH] netdev-offload-tc: verify the flower rule installed X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" When OVs installs the flower rule, it only checks for the OK from the kernel. It does not check if the rule requested matches the one actually programmed. This change will add this check and warns the user if this is not the case. Signed-off-by: Eelco Chaudron Reviewed-by: Marcelo Ricardo Leitner --- lib/tc.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/lib/tc.c b/lib/tc.c index a27cca2cc..e134f6a06 100644 --- a/lib/tc.c +++ b/lib/tc.c @@ -2979,6 +2979,50 @@ nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower) return 0; } +static bool +cmp_tc_flower_match_action(const struct tc_flower *a, + const struct tc_flower *b) +{ + if (memcmp(&a->mask, &b->mask, sizeof a->mask)) { + VLOG_DBG_RL(&error_rl, "tc flower compare failed mask compare"); + return false; + } + + /* We can not memcmp() the key as some keys might be set while the mask + * is not.*/ + + for (int i = 0; i < sizeof a->key; i++) { + uint8_t mask = ((uint8_t *)&a->mask)[i]; + uint8_t key_a = ((uint8_t *)&a->key)[i] & mask; + uint8_t key_b = ((uint8_t *)&b->key)[i] & mask; + + if (key_a != key_b) { + VLOG_DBG_RL(&error_rl, "tc flower compare failed key compare at " + "%d", i); + return false; + } + } + + /* Compare the actions. */ + const struct tc_action *action_a = a->actions; + const struct tc_action *action_b = b->actions; + + if (a->action_count != b->action_count) { + VLOG_DBG_RL(&error_rl, "tc flower compare failed action length check"); + return false; + } + + for (int i = 0; i < a->action_count; i++, action_a++, action_b++) { + if (memcmp(action_a, action_b, sizeof *action_a)) { + VLOG_DBG_RL(&error_rl, "tc flower compare failed action compare " + "for %d", i); + return false; + } + } + + return true; +} + int tc_replace_flower(struct tcf_id *id, struct tc_flower *flower) { @@ -3010,6 +3054,21 @@ tc_replace_flower(struct tcf_id *id, struct tc_flower *flower) id->prio = tc_get_major(tc->tcm_info); id->handle = tc->tcm_handle; + + if (id->prio != TC_RESERVED_PRIORITY_POLICE) { + struct tc_flower flower_out; + struct tcf_id id_out; + int ret; + + ret = parse_netlink_to_tc_flower(reply, &id_out, &flower_out, + false); + + if (ret || !cmp_tc_flower_match_action(flower, &flower_out)) { + VLOG_WARN_RL(&error_rl, "Kernel flower acknowledgment does " + "not match request!\n Set dpif_netlink to dbg to " + "see which rule caused this error."); + } + } ofpbuf_delete(reply); }