Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
From: Or GerlitzDate: Thu, 1 Jun 2017 19:08:56 +0300 > On Tue, May 30, 2017 at 7:18 PM, David Miller wrote: > >> The top level merge commit explains everything, and since the patches >> are grouped together logically, even if you just look at the merge >> commit in the GIT tree, it is mentioned. > > Hi Dave, > > Do you want to see a repost here or you are going to process the > series I submitted from patchworks? There needs to be a repost.
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Tue, May 30, 2017 at 7:18 PM, David Millerwrote: > The top level merge commit explains everything, and since the patches > are grouped together logically, even if you just look at the merge > commit in the GIT tree, it is mentioned. Hi Dave, Do you want to see a repost here or you are going to process the series I submitted from patchworks? Or.
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
From: Tom HerbertDate: Tue, 30 May 2017 09:06:11 -0700 > The commit log does not mention cls_flower. There are no test results > given for the impact of the patch. There is no description why tos and > ttl are being added as opposed to id, flags, or IP options for that > matter. The top level merge commit explains everything, and since the patches are grouped together logically, even if you just look at the merge commit in the GIT tree, it is mentioned. This has been going on for so long, it's kinda unreasonable for you to start complaining now. Thanks.
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Tue, May 30, 2017 at 6:10 AM, Jiri Pirkowrote: > Sat, May 27, 2017 at 07:18:45PM CEST, t...@herbertland.com wrote: >>On Sat, May 27, 2017 at 9:31 AM, Or Gerlitz wrote: >>> On Thu, May 25, 2017 at 7:22 PM, Tom Herbert wrote: On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz wrote: > Add support for dissection of ip tos and ttl and ipv6 traffic-class > and hoplimit. Both are dissected into the same struct. >>> > Uses similar call to ip dissection function as with tcp, arp and others. >>> >>> > +/** > + * struct flow_dissector_key_ip: > + * @tos: tos > + * @ttl: ttl > + */ > +struct flow_dissector_key_ip { > + __u8tos; > + __u8ttl; > +}; > --- a/net/core/flow_dissector.c > +++ b/net/core/flow_dissector.c >>> > +static void > +__skb_flow_dissect_ipv4(const struct sk_buff *skb, > + struct flow_dissector *flow_dissector, > + void *target_container, void *data, const struct > iphdr *iph) > +{ > + struct flow_dissector_key_ip *key_ip; > + > + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) > + return; > + > + key_ip = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IP, > + target_container); > + key_ip->tos = iph->tos; > + key_ip->ttl = iph->ttl; In an encapsulation this returns the tos and ttl of the encapsulated packet. Is that really useful to the caller? Seems more likely that they need the outer tos and ttl for forwarding. >>> >>> In what we are dealing with, classification is carried after the >>> packet is decapsulated by the shared tunnel device. So even today,e.g >>> for the src/dst IP, the dissection is carried on what were the inner >>> fields before decap. >>> >>Or, >> >>I think the problem is I don't know what you're dealing with. The only >>thing I can derive from the commit log is that tos and ttl are being >>extracted, but I don't know why they are needed. I do know this is >>adding complexity to an already overly complex function, and this >>introduces new conditionals and code into the primary use case of >>flow_dissector which is to create a key for deriving skb->hash. I >>don't see that the cost of this patch has been justified. > > Tom, we have been over this multiple times. The decision DaveM made at > the time I was pushing cls_flower was to have one shared dissection code > (I originally had a separate dissector inside cls_flower). And I > agree with that decision. It was a bit painful to work out the > flow_dissector in a generic way, but it was worth the efford. >is i > So when we need to dissect something new for cls_flower, we put it here. > flow_dissector is now miles away from being just a plain > "creator of the key to derive skb->hash". > Jiri, The commit log does not mention cls_flower. There are no test results given for the impact of the patch. There is no description why tos and ttl are being added as opposed to id, flags, or IP options for that matter. Tom > Jiří
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
Sat, May 27, 2017 at 07:18:45PM CEST, t...@herbertland.com wrote: >On Sat, May 27, 2017 at 9:31 AM, Or Gerlitzwrote: >> On Thu, May 25, 2017 at 7:22 PM, Tom Herbert wrote: >>> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz wrote: Add support for dissection of ip tos and ttl and ipv6 traffic-class and hoplimit. Both are dissected into the same struct. >> Uses similar call to ip dissection function as with tcp, arp and others. >> >> +/** + * struct flow_dissector_key_ip: + * @tos: tos + * @ttl: ttl + */ +struct flow_dissector_key_ip { + __u8tos; + __u8ttl; +}; --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c >> +static void +__skb_flow_dissect_ipv4(const struct sk_buff *skb, + struct flow_dissector *flow_dissector, + void *target_container, void *data, const struct iphdr *iph) +{ + struct flow_dissector_key_ip *key_ip; + + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) + return; + + key_ip = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_IP, + target_container); + key_ip->tos = iph->tos; + key_ip->ttl = iph->ttl; >>> >>> In an encapsulation this returns the tos and ttl of the encapsulated >>> packet. Is that really useful to the caller? Seems more likely that >>> they need the outer tos and ttl for forwarding. >> >> In what we are dealing with, classification is carried after the >> packet is decapsulated by the shared tunnel device. So even today,e.g >> for the src/dst IP, the dissection is carried on what were the inner >> fields before decap. >> >Or, > >I think the problem is I don't know what you're dealing with. The only >thing I can derive from the commit log is that tos and ttl are being >extracted, but I don't know why they are needed. I do know this is >adding complexity to an already overly complex function, and this >introduces new conditionals and code into the primary use case of >flow_dissector which is to create a key for deriving skb->hash. I >don't see that the cost of this patch has been justified. Tom, we have been over this multiple times. The decision DaveM made at the time I was pushing cls_flower was to have one shared dissection code (I originally had a separate dissector inside cls_flower). And I agree with that decision. It was a bit painful to work out the flow_dissector in a generic way, but it was worth the efford. So when we need to dissect something new for cls_flower, we put it here. flow_dissector is now miles away from being just a plain "creator of the key to derive skb->hash". Jiří
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Sat, May 27, 2017 at 8:18 PM, Tom Herbertwrote: > I think the problem is I don't know what you're dealing with. The only > thing I can derive from the commit log is that tos and ttl are being > extracted, but I don't know why they are needed. The current case for matching on TTL I am dealing with is for using TC/flower for offloading OVS in flow based VM traffic routing env (Open-Stack and ODL DVR - Distributed Virtual Routing) -- where packet headers are re-written to set the next hop MACs and the TTL is changed. Fields which are modified are also matched beforhand, and here comes the matching on TTL. > I do know this is > adding complexity to an already overly complex function, and this > introduces new conditionals and code into the primary use case of > flow_dissector which is to create a key for deriving skb->hash. I > don't see that the cost of this patch has been justified. I hear what you're saying, but part of the rules is that everything to be offloaded can also be carried out in the kernel SW data-path, so here comes the touching that area. I have used the minimal foot print I could and set the code to run in a separate helper called from the main dissection function. >> When we did the the flower patches for being able to classify on both >> the inner and outer fields (say outer src/dst ip, tunnel key) for what >> related to the macs/ips/ports/etc -- I don't think we touched the >> existing dissection, I will look on that to see if I am wrong..
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Sat, May 27, 2017 at 9:31 AM, Or Gerlitzwrote: > On Thu, May 25, 2017 at 7:22 PM, Tom Herbert wrote: >> On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz wrote: >>> Add support for dissection of ip tos and ttl and ipv6 traffic-class >>> and hoplimit. Both are dissected into the same struct. > >>> Uses similar call to ip dissection function as with tcp, arp and others. > > >>> +/** >>> + * struct flow_dissector_key_ip: >>> + * @tos: tos >>> + * @ttl: ttl >>> + */ >>> +struct flow_dissector_key_ip { >>> + __u8tos; >>> + __u8ttl; >>> +}; >>> --- a/net/core/flow_dissector.c >>> +++ b/net/core/flow_dissector.c > >>> +static void >>> +__skb_flow_dissect_ipv4(const struct sk_buff *skb, >>> + struct flow_dissector *flow_dissector, >>> + void *target_container, void *data, const struct >>> iphdr *iph) >>> +{ >>> + struct flow_dissector_key_ip *key_ip; >>> + >>> + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) >>> + return; >>> + >>> + key_ip = skb_flow_dissector_target(flow_dissector, >>> + FLOW_DISSECTOR_KEY_IP, >>> + target_container); >>> + key_ip->tos = iph->tos; >>> + key_ip->ttl = iph->ttl; >> >> In an encapsulation this returns the tos and ttl of the encapsulated >> packet. Is that really useful to the caller? Seems more likely that >> they need the outer tos and ttl for forwarding. > > In what we are dealing with, classification is carried after the > packet is decapsulated by the shared tunnel device. So even today,e.g > for the src/dst IP, the dissection is carried on what were the inner > fields before decap. > Or, I think the problem is I don't know what you're dealing with. The only thing I can derive from the commit log is that tos and ttl are being extracted, but I don't know why they are needed. I do know this is adding complexity to an already overly complex function, and this introduces new conditionals and code into the primary use case of flow_dissector which is to create a key for deriving skb->hash. I don't see that the cost of this patch has been justified. Tom > When we did the the flower patches for being able to classify on both > the inner and outer fields (say outer src/dst ip, tunnel key) for what > related to the macs/ips/ports/etc -- I don't think we touched the > existing dissection, I will look on that to see if I am wrong..
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Thu, May 25, 2017 at 7:22 PM, Tom Herbertwrote: > On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz wrote: >> Add support for dissection of ip tos and ttl and ipv6 traffic-class >> and hoplimit. Both are dissected into the same struct. >> Uses similar call to ip dissection function as with tcp, arp and others. >> +/** >> + * struct flow_dissector_key_ip: >> + * @tos: tos >> + * @ttl: ttl >> + */ >> +struct flow_dissector_key_ip { >> + __u8tos; >> + __u8ttl; >> +}; >> --- a/net/core/flow_dissector.c >> +++ b/net/core/flow_dissector.c >> +static void >> +__skb_flow_dissect_ipv4(const struct sk_buff *skb, >> + struct flow_dissector *flow_dissector, >> + void *target_container, void *data, const struct >> iphdr *iph) >> +{ >> + struct flow_dissector_key_ip *key_ip; >> + >> + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) >> + return; >> + >> + key_ip = skb_flow_dissector_target(flow_dissector, >> + FLOW_DISSECTOR_KEY_IP, >> + target_container); >> + key_ip->tos = iph->tos; >> + key_ip->ttl = iph->ttl; > > In an encapsulation this returns the tos and ttl of the encapsulated > packet. Is that really useful to the caller? Seems more likely that > they need the outer tos and ttl for forwarding. In what we are dealing with, classification is carried after the packet is decapsulated by the shared tunnel device. So even today,e.g for the src/dst IP, the dissection is carried on what were the inner fields before decap. When we did the the flower patches for being able to classify on both the inner and outer fields (say outer src/dst ip, tunnel key) for what related to the macs/ips/ports/etc -- I don't think we touched the existing dissection, I will look on that to see if I am wrong..
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Thu, May 25, 2017 at 6:42 PM, Tom Herbertwrote: > On Thu, May 25, 2017 at 6:24 AM, Or Gerlitz wrote: >> Add support for dissection of ip tos and ttl and ipv6 traffic-class >> and hoplimit. Both are dissected into the same struct. >> --- a/include/net/flow_dissector.h >> +++ b/include/net/flow_dissector.h >> +/** >> + * struct flow_dissector_key_ip: >> + * @tos: tos >> + * @ttl: ttl >> + */ >> +struct flow_dissector_key_ip { >> + __u8tos; >> + __u8ttl; >> +}; >> + > Looks like yet more complexity be piled onto flow dissector. Instead > of splitting out individual fields can we just return a pointer to the > IP header and let the caller extract the fields they're interested in? Do you mean that struct flow_dissector_key_ip will only contain (union?) const struct iphdr * and const struct ipv6hdr * ? I wasn't sure how would that further look on the kernel SW classification path (the non offloaded case)
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Thu, May 25, 2017 at 6:24 AM, Or Gerlitzwrote: > Add support for dissection of ip tos and ttl and ipv6 traffic-class > and hoplimit. Both are dissected into the same struct. > > Uses similar call to ip dissection function as with tcp, arp and others. > > Signed-off-by: Or Gerlitz > Reviewed-by: Jiri Pirko > --- > include/net/flow_dissector.h | 11 +++ > net/core/flow_dissector.c| 40 > 2 files changed, 51 insertions(+) > > diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h > index efe34eec..e2663e9 100644 > --- a/include/net/flow_dissector.h > +++ b/include/net/flow_dissector.h > @@ -165,6 +165,16 @@ struct flow_dissector_key_tcp { > __be16 flags; > }; > > +/** > + * struct flow_dissector_key_ip: > + * @tos: tos > + * @ttl: ttl > + */ > +struct flow_dissector_key_ip { > + __u8tos; > + __u8ttl; > +}; > + > enum flow_dissector_key_id { > FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ > FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ > @@ -186,6 +196,7 @@ enum flow_dissector_key_id { > FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ > FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ > FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ > + FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ > > FLOW_DISSECTOR_KEY_MAX, > }; > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c > index 5a45943..fc5fc45 100644 > --- a/net/core/flow_dissector.c > +++ b/net/core/flow_dissector.c > @@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb, > key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF)); > } > > +static void > +__skb_flow_dissect_ipv4(const struct sk_buff *skb, > + struct flow_dissector *flow_dissector, > + void *target_container, void *data, const struct > iphdr *iph) > +{ > + struct flow_dissector_key_ip *key_ip; > + > + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) > + return; > + > + key_ip = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IP, > + target_container); > + key_ip->tos = iph->tos; > + key_ip->ttl = iph->ttl; In an encapsulation this returns the tos and ttl of the encapsulated packet. Is that really useful to the caller? Seems more likely that they need the outer tos and ttl for forwarding. > +} > + > +static void > +__skb_flow_dissect_ipv6(const struct sk_buff *skb, > + struct flow_dissector *flow_dissector, > + void *target_container, void *data, const struct > ipv6hdr *iph) > +{ > + struct flow_dissector_key_ip *key_ip; > + > + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) > + return; > + > + key_ip = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IP, > + target_container); > + key_ip->tos = ipv6_get_dsfield(iph); > + key_ip->ttl = iph->hop_limit; > +} > + > /** > * __skb_flow_dissect - extract the flow_keys struct and return it > * @skb: sk_buff to extract the flow from, can be NULL if the rest are > specified > @@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, > } > } > > + __skb_flow_dissect_ipv4(skb, flow_dissector, > + target_container, data, iph); > + > if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) > goto out_good; > > @@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, > goto out_good; > } > > + __skb_flow_dissect_ipv6(skb, flow_dissector, > + target_container, data, iph); > + > if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) > goto out_good; > > -- > 2.3.7 >
Re: [PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
On Thu, May 25, 2017 at 6:24 AM, Or Gerlitzwrote: > Add support for dissection of ip tos and ttl and ipv6 traffic-class > and hoplimit. Both are dissected into the same struct. > > Uses similar call to ip dissection function as with tcp, arp and others. > > Signed-off-by: Or Gerlitz > Reviewed-by: Jiri Pirko > --- > include/net/flow_dissector.h | 11 +++ > net/core/flow_dissector.c| 40 > 2 files changed, 51 insertions(+) > > diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h > index efe34eec..e2663e9 100644 > --- a/include/net/flow_dissector.h > +++ b/include/net/flow_dissector.h > @@ -165,6 +165,16 @@ struct flow_dissector_key_tcp { > __be16 flags; > }; > > +/** > + * struct flow_dissector_key_ip: > + * @tos: tos > + * @ttl: ttl > + */ > +struct flow_dissector_key_ip { > + __u8tos; > + __u8ttl; > +}; > + Looks like yet more complexity be piled onto flow dissector. Instead of splitting out individual fields can we just return a pointer to the IP header and let the caller extract the fields they're interested in? Tom > enum flow_dissector_key_id { > FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ > FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ > @@ -186,6 +196,7 @@ enum flow_dissector_key_id { > FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ > FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ > FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ > + FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ > > FLOW_DISSECTOR_KEY_MAX, > }; > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c > index 5a45943..fc5fc45 100644 > --- a/net/core/flow_dissector.c > +++ b/net/core/flow_dissector.c > @@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb, > key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF)); > } > > +static void > +__skb_flow_dissect_ipv4(const struct sk_buff *skb, > + struct flow_dissector *flow_dissector, > + void *target_container, void *data, const struct > iphdr *iph) > +{ > + struct flow_dissector_key_ip *key_ip; > + > + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) > + return; > + > + key_ip = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IP, > + target_container); > + key_ip->tos = iph->tos; > + key_ip->ttl = iph->ttl; > +} > + > +static void > +__skb_flow_dissect_ipv6(const struct sk_buff *skb, > + struct flow_dissector *flow_dissector, > + void *target_container, void *data, const struct > ipv6hdr *iph) > +{ > + struct flow_dissector_key_ip *key_ip; > + > + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) > + return; > + > + key_ip = skb_flow_dissector_target(flow_dissector, > + FLOW_DISSECTOR_KEY_IP, > + target_container); > + key_ip->tos = ipv6_get_dsfield(iph); > + key_ip->ttl = iph->hop_limit; > +} > + > /** > * __skb_flow_dissect - extract the flow_keys struct and return it > * @skb: sk_buff to extract the flow from, can be NULL if the rest are > specified > @@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, > } > } > > + __skb_flow_dissect_ipv4(skb, flow_dissector, > + target_container, data, iph); > + > if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) > goto out_good; > > @@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, > goto out_good; > } > > + __skb_flow_dissect_ipv6(skb, flow_dissector, > + target_container, data, iph); > + > if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) > goto out_good; > > -- > 2.3.7 >
[PATCH net-next 1/4] net/flow_dissector: add support for dissection of misc ip header fields
Add support for dissection of ip tos and ttl and ipv6 traffic-class and hoplimit. Both are dissected into the same struct. Uses similar call to ip dissection function as with tcp, arp and others. Signed-off-by: Or GerlitzReviewed-by: Jiri Pirko --- include/net/flow_dissector.h | 11 +++ net/core/flow_dissector.c| 40 2 files changed, 51 insertions(+) diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h index efe34eec..e2663e9 100644 --- a/include/net/flow_dissector.h +++ b/include/net/flow_dissector.h @@ -165,6 +165,16 @@ struct flow_dissector_key_tcp { __be16 flags; }; +/** + * struct flow_dissector_key_ip: + * @tos: tos + * @ttl: ttl + */ +struct flow_dissector_key_ip { + __u8tos; + __u8ttl; +}; + enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ @@ -186,6 +196,7 @@ enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ + FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ FLOW_DISSECTOR_KEY_MAX, }; diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 5a45943..fc5fc45 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -367,6 +367,40 @@ __skb_flow_dissect_tcp(const struct sk_buff *skb, key_tcp->flags = (*(__be16 *) _flag_word(th) & htons(0x0FFF)); } +static void +__skb_flow_dissect_ipv4(const struct sk_buff *skb, + struct flow_dissector *flow_dissector, + void *target_container, void *data, const struct iphdr *iph) +{ + struct flow_dissector_key_ip *key_ip; + + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) + return; + + key_ip = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_IP, + target_container); + key_ip->tos = iph->tos; + key_ip->ttl = iph->ttl; +} + +static void +__skb_flow_dissect_ipv6(const struct sk_buff *skb, + struct flow_dissector *flow_dissector, + void *target_container, void *data, const struct ipv6hdr *iph) +{ + struct flow_dissector_key_ip *key_ip; + + if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) + return; + + key_ip = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_IP, + target_container); + key_ip->tos = ipv6_get_dsfield(iph); + key_ip->ttl = iph->hop_limit; +} + /** * __skb_flow_dissect - extract the flow_keys struct and return it * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified @@ -469,6 +503,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, } } + __skb_flow_dissect_ipv4(skb, flow_dissector, + target_container, data, iph); + if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) goto out_good; @@ -514,6 +551,9 @@ bool __skb_flow_dissect(const struct sk_buff *skb, goto out_good; } + __skb_flow_dissect_ipv6(skb, flow_dissector, + target_container, data, iph); + if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) goto out_good; -- 2.3.7