Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[David Miller]

From: Or Gerlitz 
Date: Thu, 1 Jun 2017 19:08:56 +0300

> On Tue, May 30, 2017 at 7:18 PM, David Miller  wrote:
> 
>> The top level merge commit explains everything, and since the patches
>> are grouped together logically, even if you just look at the merge
>> commit in the GIT tree, it is mentioned.
> 
> Hi Dave,
> 
> Do you want to see a repost here or you are going to process the
> series I submitted from patchworks?

There needs to be a repost.

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Or Gerlitz]

On Tue, May 30, 2017 at 7:18 PM, David Miller  wrote:

> The top level merge commit explains everything, and since the patches
> are grouped together logically, even if you just look at the merge
> commit in the GIT tree, it is mentioned.

Hi Dave,

Do you want to see a repost here or you are going to process the
series I submitted from patchworks?

Or.

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[David Miller]

From: Tom Herbert 
Date: Tue, 30 May 2017 09:06:11 -0700

> The commit log does not mention cls_flower. There are no test results
> given for the impact of the patch. There is no description why tos and
> ttl are being added as opposed to id, flags, or IP options for that
> matter.

The top level merge commit explains everything, and since the patches
are grouped together logically, even if you just look at the merge
commit in the GIT tree, it is mentioned.

This has been going on for so long, it's kinda unreasonable for you to
start complaining now.

Thanks.

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Tom Herbert]

On Tue, May 30, 2017 at 6:10 AM, Jiri Pirko  wrote:
> Sat, May 27, 2017 at 07:18:45PM CEST, t...@herbertland.com wrote:
>>On Sat, May 27, 2017 at 9:31 AM, Or Gerlitz  wrote:
>>> On Thu, May 25, 2017 at 7:22 PM, Tom Herbert  wrote:
 On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
> Add support for dissection of ip tos and ttl and ipv6 traffic-class
> and hoplimit. Both are dissected into the same struct.
>>>
> Uses similar call to ip dissection function as with tcp, arp and others.
>>>
>>>
> +/**
> + * struct flow_dissector_key_ip:
> + * @tos: tos
> + * @ttl: ttl
> + */
> +struct flow_dissector_key_ip {
> +   __u8tos;
> +   __u8ttl;
> +};
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
>>>
> +static void
> +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
> +   struct flow_dissector *flow_dissector,
> +   void *target_container, void *data, const struct 
> iphdr *iph)
> +{
> +   struct flow_dissector_key_ip *key_ip;
> +
> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
> +   return;
> +
> +   key_ip = skb_flow_dissector_target(flow_dissector,
> +  FLOW_DISSECTOR_KEY_IP,
> +  target_container);
> +   key_ip->tos = iph->tos;
> +   key_ip->ttl = iph->ttl;

 In an encapsulation this returns the tos and ttl of the encapsulated
 packet. Is that really useful to the caller? Seems more likely that
 they need the outer tos and ttl for forwarding.
>>>
>>> In what we are dealing with, classification is carried after the
>>> packet is decapsulated by the shared tunnel device. So even today,e.g
>>> for the src/dst IP, the dissection is carried on what were the inner
>>> fields before decap.
>>>
>>Or,
>>
>>I think the problem is I don't know what you're dealing with. The only
>>thing I can derive from the commit log is that tos and ttl are being
>>extracted, but I don't know why they are needed. I do know this is
>>adding complexity to an already overly complex function, and this
>>introduces new conditionals and code into the primary use case of
>>flow_dissector which is to create a key for deriving skb->hash. I
>>don't see that the cost of this patch has been justified.
>
> Tom, we have been over this multiple times. The decision DaveM made at
> the time I was pushing cls_flower was to have one shared dissection code
> (I originally had a separate dissector inside cls_flower). And I
> agree with that decision. It was a bit painful to work out the
> flow_dissector in a generic way, but it was worth the efford.
>is i
> So when we need to dissect something new for cls_flower, we put it here.
> flow_dissector is now miles away from being just a plain
> "creator of the key to derive skb->hash".
>
Jiri,

The commit log does not mention cls_flower. There are no test results
given for the impact of the patch. There is no description why tos and
ttl are being added as opposed to id, flags, or IP options for that
matter.

Tom

> Jiří

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Jiri Pirko]

Sat, May 27, 2017 at 07:18:45PM CEST, t...@herbertland.com wrote:
>On Sat, May 27, 2017 at 9:31 AM, Or Gerlitz  wrote:
>> On Thu, May 25, 2017 at 7:22 PM, Tom Herbert  wrote:
>>> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
 Add support for dissection of ip tos and ttl and ipv6 traffic-class
 and hoplimit. Both are dissected into the same struct.
>>
 Uses similar call to ip dissection function as with tcp, arp and others.
>>
>>
 +/**
 + * struct flow_dissector_key_ip:
 + * @tos: tos
 + * @ttl: ttl
 + */
 +struct flow_dissector_key_ip {
 +   __u8tos;
 +   __u8ttl;
 +};
 --- a/net/core/flow_dissector.c
 +++ b/net/core/flow_dissector.c
>>
 +static void
 +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
 +   struct flow_dissector *flow_dissector,
 +   void *target_container, void *data, const struct 
 iphdr *iph)
 +{
 +   struct flow_dissector_key_ip *key_ip;
 +
 +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
 +   return;
 +
 +   key_ip = skb_flow_dissector_target(flow_dissector,
 +  FLOW_DISSECTOR_KEY_IP,
 +  target_container);
 +   key_ip->tos = iph->tos;
 +   key_ip->ttl = iph->ttl;
>>>
>>> In an encapsulation this returns the tos and ttl of the encapsulated
>>> packet. Is that really useful to the caller? Seems more likely that
>>> they need the outer tos and ttl for forwarding.
>>
>> In what we are dealing with, classification is carried after the
>> packet is decapsulated by the shared tunnel device. So even today,e.g
>> for the src/dst IP, the dissection is carried on what were the inner
>> fields before decap.
>>
>Or,
>
>I think the problem is I don't know what you're dealing with. The only
>thing I can derive from the commit log is that tos and ttl are being
>extracted, but I don't know why they are needed. I do know this is
>adding complexity to an already overly complex function, and this
>introduces new conditionals and code into the primary use case of
>flow_dissector which is to create a key for deriving skb->hash. I
>don't see that the cost of this patch has been justified.

Tom, we have been over this multiple times. The decision DaveM made at
the time I was pushing cls_flower was to have one shared dissection code
(I originally had a separate dissector inside cls_flower). And I
agree with that decision. It was a bit painful to work out the
flow_dissector in a generic way, but it was worth the efford.

So when we need to dissect something new for cls_flower, we put it here.
flow_dissector is now miles away from being just a plain
"creator of the key to derive skb->hash".

Jiří

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Or Gerlitz]

On Sat, May 27, 2017 at 8:18 PM, Tom Herbert  wrote:

> I think the problem is I don't know what you're dealing with. The only
> thing I can derive from the commit log is that tos and ttl are being
> extracted, but I don't know why they are needed.

The current case for matching on TTL I am dealing with is for using
TC/flower for offloading OVS in flow based VM traffic routing env
(Open-Stack and ODL
DVR - Distributed Virtual Routing) -- where packet headers are
re-written to set the next hop MACs and the TTL is changed. Fields
which are modified are also matched beforhand, and here comes the
matching on TTL.

> I do know this is
> adding complexity to an already overly complex function, and this
> introduces new conditionals and code into the primary use case of
> flow_dissector which is to create a key for deriving skb->hash. I
> don't see that the cost of this patch has been justified.

I hear what you're saying, but part of the rules is that everything to
be offloaded can also be carried out in the kernel SW data-path, so
here comes the touching that area. I have used the minimal foot print
I could and set the code to run in a separate helper called from the
main dissection function.


>> When we did the the flower patches for being able to classify on both
>> the inner and outer fields (say outer src/dst ip, tunnel key) for what
>> related to the  macs/ips/ports/etc -- I don't think we touched the
>> existing dissection, I will look on that to see if I am wrong..

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Tom Herbert]

On Sat, May 27, 2017 at 9:31 AM, Or Gerlitz  wrote:
> On Thu, May 25, 2017 at 7:22 PM, Tom Herbert  wrote:
>> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
>>> Add support for dissection of ip tos and ttl and ipv6 traffic-class
>>> and hoplimit. Both are dissected into the same struct.
>
>>> Uses similar call to ip dissection function as with tcp, arp and others.
>
>
>>> +/**
>>> + * struct flow_dissector_key_ip:
>>> + * @tos: tos
>>> + * @ttl: ttl
>>> + */
>>> +struct flow_dissector_key_ip {
>>> +   __u8tos;
>>> +   __u8ttl;
>>> +};
>>> --- a/net/core/flow_dissector.c
>>> +++ b/net/core/flow_dissector.c
>
>>> +static void
>>> +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
>>> +   struct flow_dissector *flow_dissector,
>>> +   void *target_container, void *data, const struct 
>>> iphdr *iph)
>>> +{
>>> +   struct flow_dissector_key_ip *key_ip;
>>> +
>>> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
>>> +   return;
>>> +
>>> +   key_ip = skb_flow_dissector_target(flow_dissector,
>>> +  FLOW_DISSECTOR_KEY_IP,
>>> +  target_container);
>>> +   key_ip->tos = iph->tos;
>>> +   key_ip->ttl = iph->ttl;
>>
>> In an encapsulation this returns the tos and ttl of the encapsulated
>> packet. Is that really useful to the caller? Seems more likely that
>> they need the outer tos and ttl for forwarding.
>
> In what we are dealing with, classification is carried after the
> packet is decapsulated by the shared tunnel device. So even today,e.g
> for the src/dst IP, the dissection is carried on what were the inner
> fields before decap.
>
Or,

I think the problem is I don't know what you're dealing with. The only
thing I can derive from the commit log is that tos and ttl are being
extracted, but I don't know why they are needed. I do know this is
adding complexity to an already overly complex function, and this
introduces new conditionals and code into the primary use case of
flow_dissector which is to create a key for deriving skb->hash. I
don't see that the cost of this patch has been justified.

Tom

> When we did the the flower patches for being able to classify on both
> the inner and outer fields (say outer src/dst ip, tunnel key) for what
> related to the  macs/ips/ports/etc -- I don't think we touched the
> existing dissection, I will look on that to see if I am wrong..

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Or Gerlitz]

On Thu, May 25, 2017 at 7:22 PM, Tom Herbert  wrote:
> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
>> Add support for dissection of ip tos and ttl and ipv6 traffic-class
>> and hoplimit. Both are dissected into the same struct.

>> Uses similar call to ip dissection function as with tcp, arp and others.


>> +/**
>> + * struct flow_dissector_key_ip:
>> + * @tos: tos
>> + * @ttl: ttl
>> + */
>> +struct flow_dissector_key_ip {
>> +   __u8tos;
>> +   __u8ttl;
>> +};
>> --- a/net/core/flow_dissector.c
>> +++ b/net/core/flow_dissector.c

>> +static void
>> +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
>> +   struct flow_dissector *flow_dissector,
>> +   void *target_container, void *data, const struct 
>> iphdr *iph)
>> +{
>> +   struct flow_dissector_key_ip *key_ip;
>> +
>> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
>> +   return;
>> +
>> +   key_ip = skb_flow_dissector_target(flow_dissector,
>> +  FLOW_DISSECTOR_KEY_IP,
>> +  target_container);
>> +   key_ip->tos = iph->tos;
>> +   key_ip->ttl = iph->ttl;
>
> In an encapsulation this returns the tos and ttl of the encapsulated
> packet. Is that really useful to the caller? Seems more likely that
> they need the outer tos and ttl for forwarding.

In what we are dealing with, classification is carried after the
packet is decapsulated by the shared tunnel device. So even today,e.g
for the src/dst IP, the dissection is carried on what were the inner
fields before decap.

When we did the the flower patches for being able to classify on both
the inner and outer fields (say outer src/dst ip, tunnel key) for what
related to the  macs/ips/ports/etc -- I don't think we touched the
existing dissection, I will look on that to see if I am wrong..

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Or Gerlitz]

On Thu, May 25, 2017 at 6:42 PM, Tom Herbert  wrote:
> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
>> Add support for dissection of ip tos and ttl and ipv6 traffic-class
>> and hoplimit. Both are dissected into the same struct.

>> --- a/include/net/flow_dissector.h
>> +++ b/include/net/flow_dissector.h

>> +/**
>> + * struct flow_dissector_key_ip:
>> + * @tos: tos
>> + * @ttl: ttl
>> + */
>> +struct flow_dissector_key_ip {
>> +   __u8tos;
>> +   __u8ttl;
>> +};
>> +

> Looks like yet more complexity be piled onto flow dissector. Instead
> of splitting out individual fields can we just return a pointer to the
> IP header and let the caller extract the fields they're interested in?

Do you mean that struct flow_dissector_key_ip  will only contain
(union?) const struct iphdr * and const struct ipv6hdr * ? I wasn't
sure how would that further look on the kernel SW classification path
(the non offloaded case)

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Tom Herbert]

On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
> Add support for dissection of ip tos and ttl and ipv6 traffic-class
> and hoplimit. Both are dissected into the same struct.
>
> Uses similar call to ip dissection function as with tcp, arp and others.
>
> Signed-off-by: Or Gerlitz 
> Reviewed-by: Jiri Pirko 
> ---
>  include/net/flow_dissector.h | 11 +++
>  net/core/flow_dissector.c| 40 
>  2 files changed, 51 insertions(+)
>
> diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
> index efe34eec..e2663e9 100644
> --- a/include/net/flow_dissector.h
> +++ b/include/net/flow_dissector.h
> @@ -165,6 +165,16 @@ struct flow_dissector_key_tcp {
> __be16 flags;
>  };
>
> +/**
> + * struct flow_dissector_key_ip:
> + * @tos: tos
> + * @ttl: ttl
> + */
> +struct flow_dissector_key_ip {
> +   __u8tos;
> +   __u8ttl;
> +};
> +
>  enum flow_dissector_key_id {
> FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
> FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
> @@ -186,6 +196,7 @@ enum flow_dissector_key_id {
> FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
> FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
> FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
> +   FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
>
> FLOW_DISSECTOR_KEY_MAX,
>  };
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 5a45943..fc5fc45 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb,
> key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF));
>  }
>
> +static void
> +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
> +   struct flow_dissector *flow_dissector,
> +   void *target_container, void *data, const struct 
> iphdr *iph)
> +{
> +   struct flow_dissector_key_ip *key_ip;
> +
> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
> +   return;
> +
> +   key_ip = skb_flow_dissector_target(flow_dissector,
> +  FLOW_DISSECTOR_KEY_IP,
> +  target_container);
> +   key_ip->tos = iph->tos;
> +   key_ip->ttl = iph->ttl;

In an encapsulation this returns the tos and ttl of the encapsulated
packet. Is that really useful to the caller? Seems more likely that
they need the outer tos and ttl for forwarding.

> +}
> +
> +static void
> +__skb_flow_dissect_ipv6(const struct sk_buff *skb,
> +   struct flow_dissector *flow_dissector,
> +   void *target_container, void *data, const struct 
> ipv6hdr *iph)
> +{
> +   struct flow_dissector_key_ip *key_ip;
> +
> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
> +   return;
> +
> +   key_ip = skb_flow_dissector_target(flow_dissector,
> +  FLOW_DISSECTOR_KEY_IP,
> +  target_container);
> +   key_ip->tos = ipv6_get_dsfield(iph);
> +   key_ip->ttl = iph->hop_limit;
> +}
> +
>  /**
>   * __skb_flow_dissect - extract the flow_keys struct and return it
>   * @skb: sk_buff to extract the flow from, can be NULL if the rest are 
> specified
> @@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
> }
> }
>
> +   __skb_flow_dissect_ipv4(skb, flow_dissector,
> +   target_container, data, iph);
> +
> if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
> goto out_good;
>
> @@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
> goto out_good;
> }
>
> +   __skb_flow_dissect_ipv6(skb, flow_dissector,
> +   target_container, data, iph);
> +
> if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
> goto out_good;
>
> --
> 2.3.7
>

Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Tom Herbert]

On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz  wrote:
> Add support for dissection of ip tos and ttl and ipv6 traffic-class
> and hoplimit. Both are dissected into the same struct.
>
> Uses similar call to ip dissection function as with tcp, arp and others.
>
> Signed-off-by: Or Gerlitz 
> Reviewed-by: Jiri Pirko 
> ---
>  include/net/flow_dissector.h | 11 +++
>  net/core/flow_dissector.c| 40 
>  2 files changed, 51 insertions(+)
>
> diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
> index efe34eec..e2663e9 100644
> --- a/include/net/flow_dissector.h
> +++ b/include/net/flow_dissector.h
> @@ -165,6 +165,16 @@ struct flow_dissector_key_tcp {
> __be16 flags;
>  };
>
> +/**
> + * struct flow_dissector_key_ip:
> + * @tos: tos
> + * @ttl: ttl
> + */
> +struct flow_dissector_key_ip {
> +   __u8tos;
> +   __u8ttl;
> +};
> +

Looks like yet more complexity be piled onto flow dissector. Instead
of splitting out individual fields can we just return a pointer to the
IP header and let the caller extract the fields they're interested in?

Tom

>  enum flow_dissector_key_id {
> FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
> FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
> @@ -186,6 +196,7 @@ enum flow_dissector_key_id {
> FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
> FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
> FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
> +   FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
>
> FLOW_DISSECTOR_KEY_MAX,
>  };
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 5a45943..fc5fc45 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb,
> key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF));
>  }
>
> +static void
> +__skb_flow_dissect_ipv4(const struct sk_buff *skb,
> +   struct flow_dissector *flow_dissector,
> +   void *target_container, void *data, const struct 
> iphdr *iph)
> +{
> +   struct flow_dissector_key_ip *key_ip;
> +
> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
> +   return;
> +
> +   key_ip = skb_flow_dissector_target(flow_dissector,
> +  FLOW_DISSECTOR_KEY_IP,
> +  target_container);
> +   key_ip->tos = iph->tos;
> +   key_ip->ttl = iph->ttl;
> +}
> +
> +static void
> +__skb_flow_dissect_ipv6(const struct sk_buff *skb,
> +   struct flow_dissector *flow_dissector,
> +   void *target_container, void *data, const struct 
> ipv6hdr *iph)
> +{
> +   struct flow_dissector_key_ip *key_ip;
> +
> +   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
> +   return;
> +
> +   key_ip = skb_flow_dissector_target(flow_dissector,
> +  FLOW_DISSECTOR_KEY_IP,
> +  target_container);
> +   key_ip->tos = ipv6_get_dsfield(iph);
> +   key_ip->ttl = iph->hop_limit;
> +}
> +
>  /**
>   * __skb_flow_dissect - extract the flow_keys struct and return it
>   * @skb: sk_buff to extract the flow from, can be NULL if the rest are 
> specified
> @@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
> }
> }
>
> +   __skb_flow_dissect_ipv4(skb, flow_dissector,
> +   target_container, data, iph);
> +
> if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
> goto out_good;
>
> @@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
> goto out_good;
> }
>
> +   __skb_flow_dissect_ipv6(skb, flow_dissector,
> +   target_container, data, iph);
> +
> if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
> goto out_good;
>
> --
> 2.3.7
>

[PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields

[Or Gerlitz]

Add support for dissection of ip tos and ttl and ipv6 traffic-class
and hoplimit. Both are dissected into the same struct.

Uses similar call to ip dissection function as with tcp, arp and others.

Signed-off-by: Or Gerlitz 
Reviewed-by: Jiri Pirko 
---
 include/net/flow_dissector.h | 11 +++
 net/core/flow_dissector.c| 40 
 2 files changed, 51 insertions(+)

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index efe34eec..e2663e9 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -165,6 +165,16 @@ struct flow_dissector_key_tcp {
__be16 flags;
 };
 
+/**
+ * struct flow_dissector_key_ip:
+ * @tos: tos
+ * @ttl: ttl
+ */
+struct flow_dissector_key_ip {
+   __u8tos;
+   __u8ttl;
+};
+
 enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -186,6 +196,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
+   FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
 
FLOW_DISSECTOR_KEY_MAX,
 };
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 5a45943..fc5fc45 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb,
key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF));
 }
 
+static void
+__skb_flow_dissect_ipv4(const struct sk_buff *skb,
+   struct flow_dissector *flow_dissector,
+   void *target_container, void *data, const struct iphdr 
*iph)
+{
+   struct flow_dissector_key_ip *key_ip;
+
+   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
+   return;
+
+   key_ip = skb_flow_dissector_target(flow_dissector,
+  FLOW_DISSECTOR_KEY_IP,
+  target_container);
+   key_ip->tos = iph->tos;
+   key_ip->ttl = iph->ttl;
+}
+
+static void
+__skb_flow_dissect_ipv6(const struct sk_buff *skb,
+   struct flow_dissector *flow_dissector,
+   void *target_container, void *data, const struct 
ipv6hdr *iph)
+{
+   struct flow_dissector_key_ip *key_ip;
+
+   if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
+   return;
+
+   key_ip = skb_flow_dissector_target(flow_dissector,
+  FLOW_DISSECTOR_KEY_IP,
+  target_container);
+   key_ip->tos = ipv6_get_dsfield(iph);
+   key_ip->ttl = iph->hop_limit;
+}
+
 /**
  * __skb_flow_dissect - extract the flow_keys struct and return it
  * @skb: sk_buff to extract the flow from, can be NULL if the rest are 
specified
@@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
}
}
 
+   __skb_flow_dissect_ipv4(skb, flow_dissector,
+   target_container, data, iph);
+
if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
goto out_good;
 
@@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
goto out_good;
}
 
+   __skb_flow_dissect_ipv6(skb, flow_dissector,
+   target_container, data, iph);
+
if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
goto out_good;
 
-- 
2.3.7