Add helpers for Linux Traffic Control (TC) filter#209
Open
peilin-ye wants to merge 6 commits intoosandov:mainfrom
Open
Add helpers for Linux Traffic Control (TC) filter#209peilin-ye wants to merge 6 commits intoosandov:mainfrom
peilin-ye wants to merge 6 commits intoosandov:mainfrom
Conversation
Add a helper, for_each_tcf_chain(), to iterate over all TC filter chains
on a block (struct tcf_block *). As an example:
>>> eth0 = netdev_get_by_name(prog, "eth0")
>>> htb = qdisc_lookup(eth0, 0x1)
>>> block = Object(prog, "struct htb_sched *", htb.privdata.address_).block
>>> for chain in for_each_tcf_chain(block):
... print(chain.index)
...
0
1
2
This is only supported since Linux kernel commit 2190d1d0944f ("net:
sched: introduce helpers to work with filter chains") in v4.13.
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Add a helper, get_tcf_chain_by_index(), to get a TC filter chain from a
block given the chain index number. As an example:
>>> eth0 = netdev_get_by_name(prog, "eth0")
>>> htb = qdisc_lookup(eth0, 0x1)
>>> block = Object(prog, "struct htb_sched *", htb.privdata.address_).block
>>> chain = get_tcf_chain_by_index(block, 0)
>>> chain.filter_chain.ops.kind
b'u32'
This is only supported since Linux kernel commit 5bc1701881e3 ("net:
sched: introduce multichain support for filters") in v4.13.
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Add a helper, for_each_tcf_proto(), to iterate over all TC filters
(struct tcf_proto *) on a filter chain. As an example:
>>> eth0 = netdev_get_by_name(prog, "eth0")
>>> htb = qdisc_lookup(eth0, 0x1)
>>> block = Object(prog, "struct htb_sched *", htb.privdata.address_).block
>>> chain = get_tcf_chain_by_index(block, 0)
>>> for filter in for for_each_tcf_proto(chain):
... print(filter.ops.kind)
b'u32'
b'matchall'
b'flower'
This is only supported since Linux kernel commit 2190d1d0944f ("net:
sched: introduce helpers to work with filter chains") in v4.13.
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Add a helper, get_tcf_proto_by_prio(), to get a TC filter (struct
tcf_proto *) from a chain given the priority (preference) number. As an
example:
>>> eth0 = netdev_get_by_name(prog, "eth0")
>>> htb = qdisc_lookup(eth0, 0x1)
>>> block = Object(prog, "struct htb_sched *", htb.privdata.address_).block
>>> chain = get_tcf_chain_by_index(block, 0)
>>> u32 = get_tcf_proto_by_prio(chain, 10)
>>> u32.ops.kind
b'u32'
This is only supported since Linux kernel commit 2190d1d0944f ("net:
sched: introduce helpers to work with filter chains") in v4.13.
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Since we are planning to add more TestTc() tests, factor out common code and shared variables (e.g. drgn Object for network namespace). Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Add a TestTc() test, test_tcf_chain_and_tcf_proto(), for the following
helpers:
for_each_tcf_chain()
for_each_tcf_proto()
get_tcf_chain_by_index()
get_tcf_proto_by_prio()
It depends on Linux kernel CONFIG_NET_SCH_HTB and CONFIG_NET_CLS_U32
configs, and is skipped if kernel is older than v4.13 (commit 5bc1701881e3
("net: sched: introduce multichain support for filters")).
It depends on the TCA_CHAIN netlink message attribute, which pyroute2
does not support yet. Use a customized class tcmsg for now.
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
peilin-ye
force-pushed
the
helpers_tc_filter
branch
from
2f4d457 to
43c214f
Compare
Contributor
Author
|
Fixed a |
osandov
reviewed
Sep 23, 2022
Owner
osandov
left a comment
osandov
left a comment
There was a problem hiding this comment.
I only gave this a quick look and had some questions about the kernel versions involved. I'll give it a more thorough review once that's cleared up. Thank you!
Comment on lines
+36
to
+45
| # Before Linux kernel commit 5bc1701881e3 ("net: sched: introduce | ||
| # multichain support for filters") (in v4.13), each block contained only | ||
| # one chain. | ||
| try: | ||
| chain_list = block.chain_list.address_of_() | ||
| except AttributeError: | ||
| # Before Linux kernel commit 2190d1d0944f ("net: sched: introduce | ||
| # helpers to work with filter chains") (in v4.13), struct tcf_chain | ||
| # didn't exist. | ||
| return block.chain |
Owner
There was a problem hiding this comment.
It looks like both of these commits went in during v4.13-rc1. I wouldn't bother checking for the intermediate state between those two commits; let's just assume that the kernel is an official tagged release, which I think will simplify this.
| """ | ||
| Iterate over all TC filter chains on a block. | ||
|
|
||
| This is only supported since Linux v4.13. |
Owner
There was a problem hiding this comment.
I'm not familiar with TC at all, but looking at the commits you reference here, it looks like TC filter chains didn't exist at all before 4.13, is that correct? Maybe we can say something like "This is only supported since Linux v4.13, before which TC filter chains didn't exist.".
Comment on lines
+47
to
+48
| for chain in list_for_each_entry("struct tcf_chain", chain_list, "list"): | ||
| yield chain |
Owner
There was a problem hiding this comment.
I think you can simplify this to:
Suggested change
| for chain in list_for_each_entry("struct tcf_chain", chain_list, "list"): | |
| yield chain | |
| return list_for_each_entry("struct tcf_chain", chain_list, "list") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi all,
These are helpers for Linux TC filter (
struct tcf_proto) and filter chain (struct tcf_chain) that I found useful when debugging TC issues. They are only supported since Linux v4.13 because several related data structures didn't exist before that.The test is skipped if kernel is older than v4.13 commit 5bc1701881e3 ("net: sched: introduce multichain support for filters"), and depends on config
CONFIG_NET_SCH_HTBandCONFIG_NET_CLS_U32. It uses theTCA_CHAINNetlink message attribute, which pyroute2 doesn't fully support yet, which is why the test may look a bit over-complicated. I will addTCA_CHAINsupport to pyroute2 and clean it up.Thanks,
Peilin Ye