net/sched: flower: Consider the number of tags for vlan filters

Before this patch the existence of vlan filters was conditional on the vlan
protocol being matched in the tc rule. For example, the following rule:

tc filter add dev eth1 ingress flower vlan_prio 5

was illegal because vlan protocol (e.g. 802.1q) does not appear in the rule.

Remove the above restriction by looking at the num_of_vlans filter to
allow further matching on vlan attributes. The following rule becomes
legal as a result of this commit:

tc filter add dev eth1 ingress flower num_of_vlans 1 vlan_prio 5

because having num_of_vlans==1 implies that the packet is single tagged.

Change is_vlan_key helper to look at the number of vlans in addition to
the vlan ethertype. The outcome of this change is that outer (e.g. vlan_prio)
and inner (e.g. cvlan_prio) tag vlan filters require the number of vlan
tags to be greater then 0 and 1 accordingly.

As a result of is_vlan_key change, the ethertype may be set to 0 when
matching on the number of vlans. Update fl_set_key_vlan to avoid setting
key, mask vlan_tpid for the 0 ethertype.

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 4ec4d74..dcca701 100644 (file)
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -1030,8 +1030,10 @@ static void fl_set_key_vlan(struct nlattr **tb,
                        VLAN_PRIORITY_MASK;
                key_mask->vlan_priority = VLAN_PRIORITY_MASK;
        }
-       key_val->vlan_tpid = ethertype;
-       key_mask->vlan_tpid = cpu_to_be16(~0);
+       if (ethertype) {
+               key_val->vlan_tpid = ethertype;
+               key_mask->vlan_tpid = cpu_to_be16(~0);
+       }
        if (tb[vlan_next_eth_type_key]) {
                key_val->vlan_eth_type =
                        nla_get_be16(tb[vlan_next_eth_type_key]);
@@ -1582,13 +1584,18 @@ static int fl_set_key_ct(struct nlattr **tb,
 }
 
 static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
-                       struct fl_flow_key *key, struct fl_flow_key *mask)
+                       struct fl_flow_key *key, struct fl_flow_key *mask,
+                       int vthresh)
 {
-       if (!tb)
-               return false;
+       const bool good_num_of_vlans = key->num_of_vlans.num_of_vlans > vthresh;
+
+       if (!tb) {
+               *ethertype = 0;
+               return good_num_of_vlans;
+       }
 
        *ethertype = nla_get_be16(tb);
-       if (eth_type_vlan(*ethertype))
+       if (good_num_of_vlans || eth_type_vlan(*ethertype))
                return true;
 
        key->basic.n_proto = *ethertype;
@@ -1623,13 +1630,14 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
                       TCA_FLOWER_UNSPEC,
                       sizeof(key->num_of_vlans));
 
-       if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask)) {
+       if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], &ethertype, key, mask, 0)) {
                fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
                                TCA_FLOWER_KEY_VLAN_PRIO,
                                TCA_FLOWER_KEY_VLAN_ETH_TYPE,
                                &key->vlan, &mask->vlan);
 
-               if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE], &ethertype, key, mask)) {
+               if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE],
+                               &ethertype, key, mask, 1)) {
                        fl_set_key_vlan(tb, ethertype,
                                        TCA_FLOWER_KEY_CVLAN_ID,
                                        TCA_FLOWER_KEY_CVLAN_PRIO,