lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Mar 2020 11:42:51 +0300 From: Ido Schimmel <idosch@...sch.org> To: netdev@...r.kernel.org Cc: dsahern@...il.com, stephen@...workplumber.org, jiri@...lanox.com, mlxsw@...lanox.com, Ido Schimmel <idosch@...lanox.com> Subject: [PATCH iproute2-next v2 1/3] devlink: Add devlink trap policer set and show commands From: Ido Schimmel <idosch@...lanox.com> The trap policer set command allows the user to set the parameters of the packet trap policer, such as rate and burst size. Example: # devlink trap policer set netdevsim/netdevsim10 policer 1 rate 1000 burst 32 The trap policer show command allows the user to get the current parameters of an individual policer or a dump of all policers in case one is not specified. When '-s' is specified the policer's statistics are shown. Example: # devlink -jps trap policer show netdevsim/netdevsim10 policer 1 { "trap_policer": { "netdevsim/netdevsim10": [ { "policer": 1, "rate": 1000, "burst": 32, "stats": { "rx": { "dropped": 53 } } } ] } } Signed-off-by: Ido Schimmel <idosch@...lanox.com> Reviewed-by: Jiri Pirko <jiri@...lanox.com> --- devlink/devlink.c | 174 ++++++++++++++++++++++++++++++++++++- man/man8/devlink-monitor.8 | 2 +- man/man8/devlink-trap.8 | 40 +++++++++ 3 files changed, 213 insertions(+), 3 deletions(-) diff --git a/devlink/devlink.c b/devlink/devlink.c index 67e6e64181f9..9380792ad423 100644 --- a/devlink/devlink.c +++ b/devlink/devlink.c @@ -262,6 +262,9 @@ static void ifname_map_free(struct ifname_map *ifname_map) #define DL_OPT_TRAP_ACTION BIT(31) #define DL_OPT_TRAP_GROUP_NAME BIT(32) #define DL_OPT_NETNS BIT(33) +#define DL_OPT_TRAP_POLICER_ID BIT(34) +#define DL_OPT_TRAP_POLICER_RATE BIT(35) +#define DL_OPT_TRAP_POLICER_BURST BIT(36) struct dl_opts { uint64_t present; /* flags of present items */ @@ -303,6 +306,9 @@ struct dl_opts { enum devlink_trap_action trap_action; bool netns_is_pid; uint32_t netns; + uint32_t trap_policer_id; + uint64_t trap_policer_rate; + uint64_t trap_policer_burst; }; struct dl { @@ -506,12 +512,16 @@ static const enum mnl_attr_data_type devlink_policy[DEVLINK_ATTR_MAX + 1] = { [DEVLINK_ATTR_TRAP_METADATA] = MNL_TYPE_NESTED, [DEVLINK_ATTR_TRAP_GROUP_NAME] = MNL_TYPE_STRING, [DEVLINK_ATTR_RELOAD_FAILED] = MNL_TYPE_U8, + [DEVLINK_ATTR_TRAP_POLICER_ID] = MNL_TYPE_U32, + [DEVLINK_ATTR_TRAP_POLICER_RATE] = MNL_TYPE_U64, + [DEVLINK_ATTR_TRAP_POLICER_BURST] = MNL_TYPE_U64, }; static const enum mnl_attr_data_type devlink_stats_policy[DEVLINK_ATTR_STATS_MAX + 1] = { [DEVLINK_ATTR_STATS_RX_PACKETS] = MNL_TYPE_U64, [DEVLINK_ATTR_STATS_RX_BYTES] = MNL_TYPE_U64, + [DEVLINK_ATTR_STATS_RX_DROPPED] = MNL_TYPE_U64, }; static int attr_cb(const struct nlattr *attr, void *data) @@ -1490,6 +1500,27 @@ static int dl_argv_parse(struct dl *dl, uint64_t o_required, opts->netns_is_pid = true; } o_found |= DL_OPT_NETNS; + } else if (dl_argv_match(dl, "policer") && + (o_all & DL_OPT_TRAP_POLICER_ID)) { + dl_arg_inc(dl); + err = dl_argv_uint32_t(dl, &opts->trap_policer_id); + if (err) + return err; + o_found |= DL_OPT_TRAP_POLICER_ID; + } else if (dl_argv_match(dl, "rate") && + (o_all & DL_OPT_TRAP_POLICER_RATE)) { + dl_arg_inc(dl); + err = dl_argv_uint64_t(dl, &opts->trap_policer_rate); + if (err) + return err; + o_found |= DL_OPT_TRAP_POLICER_RATE; + } else if (dl_argv_match(dl, "burst") && + (o_all & DL_OPT_TRAP_POLICER_BURST)) { + dl_arg_inc(dl); + err = dl_argv_uint64_t(dl, &opts->trap_policer_burst); + if (err) + return err; + o_found |= DL_OPT_TRAP_POLICER_BURST; } else { pr_err("Unknown option \"%s\"\n", dl_argv(dl)); return -EINVAL; @@ -1617,6 +1648,15 @@ static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl) opts->netns_is_pid ? DEVLINK_ATTR_NETNS_PID : DEVLINK_ATTR_NETNS_FD, opts->netns); + if (opts->present & DL_OPT_TRAP_POLICER_ID) + mnl_attr_put_u32(nlh, DEVLINK_ATTR_TRAP_POLICER_ID, + opts->trap_policer_id); + if (opts->present & DL_OPT_TRAP_POLICER_RATE) + mnl_attr_put_u64(nlh, DEVLINK_ATTR_TRAP_POLICER_RATE, + opts->trap_policer_rate); + if (opts->present & DL_OPT_TRAP_POLICER_BURST) + mnl_attr_put_u64(nlh, DEVLINK_ATTR_TRAP_POLICER_BURST, + opts->trap_policer_burst); } static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl, @@ -2058,6 +2098,9 @@ static void pr_out_stats(struct dl *dl, struct nlattr *nla_stats) if (tb[DEVLINK_ATTR_STATS_RX_PACKETS]) pr_out_u64(dl, "packets", mnl_attr_get_u64(tb[DEVLINK_ATTR_STATS_RX_PACKETS])); + if (tb[DEVLINK_ATTR_STATS_RX_DROPPED]) + pr_out_u64(dl, "dropped", + mnl_attr_get_u64(tb[DEVLINK_ATTR_STATS_RX_DROPPED])); pr_out_object_end(dl); pr_out_object_end(dl); } @@ -4141,6 +4184,10 @@ static const char *cmd_name(uint8_t cmd) case DEVLINK_CMD_TRAP_GROUP_SET: return "set"; case DEVLINK_CMD_TRAP_GROUP_NEW: return "new"; case DEVLINK_CMD_TRAP_GROUP_DEL: return "del"; + case DEVLINK_CMD_TRAP_POLICER_GET: return "get"; + case DEVLINK_CMD_TRAP_POLICER_SET: return "set"; + case DEVLINK_CMD_TRAP_POLICER_NEW: return "new"; + case DEVLINK_CMD_TRAP_POLICER_DEL: return "del"; default: return "<unknown cmd>"; } } @@ -4185,6 +4232,11 @@ static const char *cmd_obj(uint8_t cmd) case DEVLINK_CMD_TRAP_GROUP_NEW: case DEVLINK_CMD_TRAP_GROUP_DEL: return "trap-group"; + case DEVLINK_CMD_TRAP_POLICER_GET: + case DEVLINK_CMD_TRAP_POLICER_SET: + case DEVLINK_CMD_TRAP_POLICER_NEW: + case DEVLINK_CMD_TRAP_POLICER_DEL: + return "trap-policer"; default: return "<unknown obj>"; } } @@ -4239,6 +4291,7 @@ static void pr_out_region(struct dl *dl, struct nlattr **tb); static void pr_out_health(struct dl *dl, struct nlattr **tb_health); static void pr_out_trap(struct dl *dl, struct nlattr **tb, bool array); static void pr_out_trap_group(struct dl *dl, struct nlattr **tb, bool array); +static void pr_out_trap_policer(struct dl *dl, struct nlattr **tb, bool array); static int cmd_mon_show_cb(const struct nlmsghdr *nlh, void *data) { @@ -4339,6 +4392,19 @@ static int cmd_mon_show_cb(const struct nlmsghdr *nlh, void *data) pr_out_mon_header(genl->cmd); pr_out_trap_group(dl, tb, false); break; + case DEVLINK_CMD_TRAP_POLICER_GET: /* fall through */ + case DEVLINK_CMD_TRAP_POLICER_SET: /* fall through */ + case DEVLINK_CMD_TRAP_POLICER_NEW: /* fall through */ + case DEVLINK_CMD_TRAP_POLICER_DEL: /* fall through */ + mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); + if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || + !tb[DEVLINK_ATTR_TRAP_POLICER_ID] || + !tb[DEVLINK_ATTR_TRAP_POLICER_RATE] || + !tb[DEVLINK_ATTR_TRAP_POLICER_BURST]) + return MNL_CB_ERROR; + pr_out_mon_header(genl->cmd); + pr_out_trap_policer(dl, tb, false); + break; } return MNL_CB_OK; } @@ -4355,7 +4421,8 @@ static int cmd_mon_show(struct dl *dl) strcmp(cur_obj, "port") != 0 && strcmp(cur_obj, "health") != 0 && strcmp(cur_obj, "trap") != 0 && - strcmp(cur_obj, "trap-group") != 0) { + strcmp(cur_obj, "trap-group") != 0 && + strcmp(cur_obj, "trap-policer") != 0) { pr_err("Unknown object \"%s\"\n", cur_obj); return -EINVAL; } @@ -4372,7 +4439,7 @@ static int cmd_mon_show(struct dl *dl) static void cmd_mon_help(void) { pr_err("Usage: devlink monitor [ all | OBJECT-LIST ]\n" - "where OBJECT-LIST := { dev | port | health | trap | trap-group }\n"); + "where OBJECT-LIST := { dev | port | health | trap | trap-group | trap-policer }\n"); } static int cmd_mon(struct dl *dl) @@ -7002,6 +7069,8 @@ static void cmd_trap_help(void) pr_err(" devlink trap show [ DEV trap TRAP ]\n"); pr_err(" devlink trap group set DEV group GROUP [ action { trap | drop } ]\n"); pr_err(" devlink trap group show [ DEV group GROUP ]\n"); + pr_err(" devlink trap policer set DEV policer POLICER [ rate RATE ] [ burst BURST ]\n"); + pr_err(" devlink trap policer show DEV policer POLICER\n"); } static int cmd_trap_show(struct dl *dl) @@ -7136,6 +7205,104 @@ static int cmd_trap_group(struct dl *dl) return -ENOENT; } +static void pr_out_trap_policer(struct dl *dl, struct nlattr **tb, bool array) +{ + if (array) + pr_out_handle_start_arr(dl, tb); + else + __pr_out_handle_start(dl, tb, true, false); + + check_indent_newline(dl); + print_uint(PRINT_ANY, "policer", "policer %u", + mnl_attr_get_u32(tb[DEVLINK_ATTR_TRAP_POLICER_ID])); + print_u64(PRINT_ANY, "rate", " rate %llu", + mnl_attr_get_u64(tb[DEVLINK_ATTR_TRAP_POLICER_RATE])); + print_u64(PRINT_ANY, "burst", " burst %llu", + mnl_attr_get_u64(tb[DEVLINK_ATTR_TRAP_POLICER_BURST])); + if (tb[DEVLINK_ATTR_STATS]) + pr_out_stats(dl, tb[DEVLINK_ATTR_STATS]); + pr_out_handle_end(dl); +} + +static int cmd_trap_policer_show_cb(const struct nlmsghdr *nlh, void *data) +{ + struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh); + struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {}; + struct dl *dl = data; + + mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb); + if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] || + !tb[DEVLINK_ATTR_TRAP_POLICER_ID] || + !tb[DEVLINK_ATTR_TRAP_POLICER_RATE] || + !tb[DEVLINK_ATTR_TRAP_POLICER_BURST]) + return MNL_CB_ERROR; + + pr_out_trap_policer(dl, tb, true); + + return MNL_CB_OK; +} + +static int cmd_trap_policer_show(struct dl *dl) +{ + uint16_t flags = NLM_F_REQUEST | NLM_F_ACK; + struct nlmsghdr *nlh; + int err; + + if (dl_argc(dl) == 0) + flags |= NLM_F_DUMP; + + nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_TRAP_POLICER_GET, flags); + + if (dl_argc(dl) > 0) { + err = dl_argv_parse_put(nlh, dl, + DL_OPT_HANDLE | DL_OPT_TRAP_POLICER_ID, + 0); + if (err) + return err; + } + + pr_out_section_start(dl, "trap_policer"); + err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_trap_policer_show_cb, dl); + pr_out_section_end(dl); + + return err; +} + +static int cmd_trap_policer_set(struct dl *dl) +{ + struct nlmsghdr *nlh; + int err; + + nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_TRAP_POLICER_SET, + NLM_F_REQUEST | NLM_F_ACK); + + err = dl_argv_parse_put(nlh, dl, + DL_OPT_HANDLE | DL_OPT_TRAP_POLICER_ID, + DL_OPT_TRAP_POLICER_RATE | + DL_OPT_TRAP_POLICER_BURST); + if (err) + return err; + + return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL); +} + +static int cmd_trap_policer(struct dl *dl) +{ + if (dl_argv_match(dl, "help")) { + cmd_trap_help(); + return 0; + } else if (dl_argv_match(dl, "show") || + dl_argv_match(dl, "list") || dl_no_arg(dl)) { + dl_arg_inc(dl); + return cmd_trap_policer_show(dl); + } else if (dl_argv_match(dl, "set")) { + dl_arg_inc(dl); + return cmd_trap_policer_set(dl); + } + pr_err("Command \"%s\" not found\n", dl_argv(dl)); + return -ENOENT; +} + static int cmd_trap(struct dl *dl) { if (dl_argv_match(dl, "help")) { @@ -7151,6 +7318,9 @@ static int cmd_trap(struct dl *dl) } else if (dl_argv_match(dl, "group")) { dl_arg_inc(dl); return cmd_trap_group(dl); + } else if (dl_argv_match(dl, "policer")) { + dl_arg_inc(dl); + return cmd_trap_policer(dl); } pr_err("Command \"%s\" not found\n", dl_argv(dl)); return -ENOENT; diff --git a/man/man8/devlink-monitor.8 b/man/man8/devlink-monitor.8 index a96d350f4241..de351f32a1e5 100644 --- a/man/man8/devlink-monitor.8 +++ b/man/man8/devlink-monitor.8 @@ -21,7 +21,7 @@ command is the first in the command line and then the object list. .I OBJECT-LIST is the list of object types that we want to monitor. It may contain -.BR dev ", " port ", " health ", " trap ", " trap-group . +.BR dev ", " port ", " health ", " trap ", " trap-group ", " trap-policer . .B devlink opens Devlink Netlink socket, listens on it and dumps state changes. diff --git a/man/man8/devlink-trap.8 b/man/man8/devlink-trap.8 index db19fe4c7452..113eda4ac790 100644 --- a/man/man8/devlink-trap.8 +++ b/man/man8/devlink-trap.8 @@ -38,6 +38,13 @@ devlink-trap \- devlink trap configuration .BI "devlink trap group set " DEV " group " GROUP .RB "[ " action " { " trap " | " drop " } ]" +.ti -8 +.BI "devlink trap policer set " DEV " policer " POLICER +.RB "[ " rate +.IR "RATE " ] +.RB "[ " burst +.IR "BURST " ] + .ti -8 .B devlink trap help @@ -102,6 +109,24 @@ packet trap action. The action is set for all the packet traps member in the trap group. The actions of non-drop traps cannot be changed and are thus skipped. +.SS devlink trap policer set - set attributes of packet trap policer + +.PP +.I "DEV" +- specifies the devlink device the packet trap policer belongs to. + +.PP +.BI "policer " POLICER +- specifies the packet trap policer. + +.PP +.BI rate " RATE " +- packet trap policer rate in packets per second. + +.PP +.BI burst " BURST " +- packet trap policer burst size in packets. + .SH "EXAMPLES" .PP devlink trap show @@ -128,6 +153,21 @@ devlink trap set pci/0000:01:00.0 trap source_mac_is_multicast action trap .RS 4 Set the action of a specific packet trap to 'trap'. .RE +.PP +devlink trap policer show +.RS 4 +List available packet trap policers. +.RE +.PP +devlink -s trap policer show pci/0000:01:00.0 policer 1 +.RS 4 +Show attributes and statistics of a specific packet trap policer. +.RE +.PP +devlink trap policer set pci/0000:01:00.0 policer 1 rate 1000 burst 128 +.RS 4 +Set the rate and burst size of a specific packet trap policer. +.RE .SH SEE ALSO .BR devlink (8), -- 2.24.1
Powered by blists - more mailing lists