| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200711212848.20914-2-lariel@mellanox.com>
Date: Sun, 12 Jul 2020 00:28:45 +0300
From: Ariel Levkovich <lariel@...lanox.com>
To: netdev@...r.kernel.org
Cc: jiri@...nulli.us, kuba@...nel.org, jhs@...atatu.com,
xiyou.wangcong@...il.com, ast@...nel.org, daniel@...earbox.net,
Ariel Levkovich <lariel@...lanox.com>,
Jiri Pirko <jiri@...lanox.com>
Subject: [PATCH net-next v3 1/4] net/sched: Add skb->hash field editing via act_skbedit
Extend act_skbedit api to allow writing into skb->hash
field.
To modify skb->hash user selects the hash algorithm
to use for the hash computation and can provide a
hash basis value to be used in the calculation.
The hash value will be calculated on the packet in the
datapath and will be set into skb->hash field.
Current implementation supports only the asymmetric l4 hash
algorithm that first checks whether the skb->hash was already
set with l4 hash value (possibly by the device driver) and uses
the existing value. If hash value wasn't set, it computes the
hash value in place using the kernel implementation of the
Jenkins hash algorithm.
Usage example:
$ tc filter add dev ens1f0_0 ingress \
prio 1 chain 0 proto ip \
flower ip_proto tcp \
action skbedit hash asym_l4 basis 5 \
action goto chain 2
Signed-off-by: Ariel Levkovich <lariel@...lanox.com>
Reviewed-by: Jiri Pirko <jiri@...lanox.com>
---
include/net/tc_act/tc_skbedit.h | 2 ++
include/uapi/linux/tc_act/tc_skbedit.h | 7 +++++
net/sched/act_skbedit.c | 38 ++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
diff --git a/include/net/tc_act/tc_skbedit.h b/include/net/tc_act/tc_skbedit.h
index 00bfee70609e..44a8a4625556 100644
--- a/include/net/tc_act/tc_skbedit.h
+++ b/include/net/tc_act/tc_skbedit.h
@@ -18,6 +18,8 @@ struct tcf_skbedit_params {
u32 mask;
u16 queue_mapping;
u16 ptype;
+ u32 hash_alg;
+ u32 hash_basis;
struct rcu_head rcu;
};
diff --git a/include/uapi/linux/tc_act/tc_skbedit.h b/include/uapi/linux/tc_act/tc_skbedit.h
index 800e93377218..5877811b093b 100644
--- a/include/uapi/linux/tc_act/tc_skbedit.h
+++ b/include/uapi/linux/tc_act/tc_skbedit.h
@@ -29,6 +29,11 @@
#define SKBEDIT_F_PTYPE 0x8
#define SKBEDIT_F_MASK 0x10
#define SKBEDIT_F_INHERITDSFIELD 0x20
+#define SKBEDIT_F_HASH 0x40
+
+enum {
+ TCA_SKBEDIT_HASH_ALG_ASYM_L4,
+};
struct tc_skbedit {
tc_gen;
@@ -45,6 +50,8 @@ enum {
TCA_SKBEDIT_PTYPE,
TCA_SKBEDIT_MASK,
TCA_SKBEDIT_FLAGS,
+ TCA_SKBEDIT_HASH,
+ TCA_SKBEDIT_HASH_BASIS,
__TCA_SKBEDIT_MAX
};
#define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1)
diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c
index b125b2be4467..2cc66c798afb 100644
--- a/net/sched/act_skbedit.c
+++ b/net/sched/act_skbedit.c
@@ -66,6 +66,20 @@ static int tcf_skbedit_act(struct sk_buff *skb, const struct tc_action *a,
}
if (params->flags & SKBEDIT_F_PTYPE)
skb->pkt_type = params->ptype;
+
+ if (params->flags & SKBEDIT_F_HASH) {
+ u32 hash;
+
+ hash = skb_get_hash(skb);
+ /* If a hash basis was provided, add it into
+ * hash calculation here and re-set skb->hash
+ * to the new result with sw_hash indication
+ * and keeping the l4 hash indication.
+ */
+ hash = jhash_1word(hash, params->hash_basis);
+ __skb_set_sw_hash(skb, hash, skb->l4_hash);
+ }
+
return action;
err:
@@ -91,6 +105,8 @@ static const struct nla_policy skbedit_policy[TCA_SKBEDIT_MAX + 1] = {
[TCA_SKBEDIT_PTYPE] = { .len = sizeof(u16) },
[TCA_SKBEDIT_MASK] = { .len = sizeof(u32) },
[TCA_SKBEDIT_FLAGS] = { .len = sizeof(u64) },
+ [TCA_SKBEDIT_HASH] = { .len = sizeof(u32) },
+ [TCA_SKBEDIT_HASH_BASIS] = { .len = sizeof(u32) },
};
static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
@@ -107,6 +123,7 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
struct tcf_skbedit *d;
u32 flags = 0, *priority = NULL, *mark = NULL, *mask = NULL;
u16 *queue_mapping = NULL, *ptype = NULL;
+ u32 hash_alg, hash_basis = 0;
bool exists = false;
int ret = 0, err;
u32 index;
@@ -156,6 +173,17 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
flags |= SKBEDIT_F_INHERITDSFIELD;
}
+ if (tb[TCA_SKBEDIT_HASH] != NULL) {
+ hash_alg = nla_get_u32(tb[TCA_SKBEDIT_HASH]);
+ if (hash_alg > TCA_SKBEDIT_HASH_ALG_ASYM_L4)
+ return -EINVAL;
+
+ flags |= SKBEDIT_F_HASH;
+
+ if (tb[TCA_SKBEDIT_HASH_BASIS])
+ hash_basis = nla_get_u32(tb[TCA_SKBEDIT_HASH_BASIS]);
+ }
+
parm = nla_data(tb[TCA_SKBEDIT_PARMS]);
index = parm->index;
err = tcf_idr_check_alloc(tn, &index, a, bind);
@@ -213,6 +241,10 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
params_new->mask = 0xffffffff;
if (flags & SKBEDIT_F_MASK)
params_new->mask = *mask;
+ if (flags & SKBEDIT_F_HASH) {
+ params_new->hash_alg = hash_alg;
+ params_new->hash_basis = hash_basis;
+ }
spin_lock_bh(&d->tcf_lock);
goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
@@ -276,6 +308,12 @@ static int tcf_skbedit_dump(struct sk_buff *skb, struct tc_action *a,
if (pure_flags != 0 &&
nla_put(skb, TCA_SKBEDIT_FLAGS, sizeof(pure_flags), &pure_flags))
goto nla_put_failure;
+ if (params->flags & SKBEDIT_F_HASH) {
+ if (nla_put_u32(skb, TCA_SKBEDIT_HASH, params->hash_alg))
+ goto nla_put_failure;
+ if (nla_put_u32(skb, TCA_SKBEDIT_HASH_BASIS, params->hash_basis))
+ goto nla_put_failure;
+ }
tcf_tm_dump(&t, &d->tcf_tm);
if (nla_put_64bit(skb, TCA_SKBEDIT_TM, sizeof(t), &t, TCA_SKBEDIT_PAD))
--
2.25.2
Powered by blists - more mailing lists