On Mon, May 08, 2017 at 07:32:02AM -0400, Jamal Hadi Salim wrote: > On 17-05-05 08:47 AM, Simon Horman wrote: > >Allow control how the tree of qdisc, classes and filters is further > >traversed if an error is encountered when parsing the packet in order to > >match the cls_flower filters at a particular prio. > > > >By default continue to the next filter, the behaviour without this patch. > > > >A use-case for this is to allow configuration of dropping of packets with > >truncated headers. > > > >For example, the following drops IPv4 packets that cannot be parsed by the > >flow dissector up to the end of the UDP ports - e.g. because they are > >truncated, and instantiates a continue action based on the port for packets > >that can be parsed. > > > > # tc qdisc del dev eth0 ingress; tc qdisc add dev eth0 ingress > > # tc filter add dev eth0 protocol ip parent ffff: flower \ > > indev eth0 ip_proto udp dst_port 80 truncated drop action continue > > > >Signed-off-by: Simon Horman <simon.hor...@netronome.com> > >Reviewed-by: Benjamin LaHaise <benjamin.laha...@netronome.com> > > I agree with Cong on this. The default should be "didnt match" (which > is accomplished by returning -1).
The default value for err_action is TC_ACT_UNSPEC (-1). So I think we are in agreement there. > The user could enter an explicit > rule to override this behavior. i.e something like: > > tc filter add dev eth0 protocol ip parent ffff: flower \ > indev eth0 ip_proto udp dst_port 80 truncated action continue This part I am struggling with but I will see what I can do by making truncated part of the flow key .
