On 6/4/19 7:52 AM, Kevin Darbyshire-Bryant wrote: > ctinfo is a tc action restoring data stored in conntrack marks to > various fields. At present it has two independent modes of operation, > restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack > marks into packet skb marks. > > It understands a number of parameters specific to this action in > additional to the usual action syntax. Each operating mode is > independent of the other so all options are optional, however not > specifying at least one mode is a bit pointless. > > Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] > [CONTROL] [index <INDEX>] > > DSCP mode > > dscp enables copying of a DSCP stored in the conntrack mark into the > ipv4/v6 diffserv field. The mask is a 32bit field and specifies where > in the conntrack mark the DSCP value is located. It must be 6 > contiguous bits long. eg. 0xfc000000 would restore the DSCP from the > upper 6 bits of the conntrack mark. > > The DSCP copying may be optionally controlled by a statemask. The > statemask is a 32bit field, usually with a single bit set and must not > overlap the dscp mask. The DSCP restore operation will only take place > if the corresponding bit/s in conntrack mark ANDed with the statemask > yield a non zero result. > > eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 > bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this > example. > > CPMARK mode > > cpmark enables copying of the conntrack mark to the packet skb mark. In > this mode it is completely equivalent to the existing act_connmark > action. Additional functionality is provided by the optional mask > parameter, whereby the stored conntrack mark is logically ANDed with the > cpmark mask before being stored into skb mark. This allows shared usage > of the conntrack mark between applications. > > eg. cpmark 0x00ffffff would restore only the lower 24 bits of the > conntrack mark, thus may be useful in the event that the upper 8 bits > are used by the DSCP function. > > Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] > [CONTROL] [index <INDEX>] > where : > dscp MASK is the bitmask to restore DSCP > STATEMASK is the bitmask to determine conditional restoring > cpmark MASK mask applied to restored packet mark > ZONE is the conntrack zone > CONTROL := reclassify | pipe | drop | continue | ok | > goto chain <CHAIN_INDEX> > > Signed-off-by: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk> > Reviewed-by: Toke Høiland-Jørgensen <t...@redhat.com> > --- > v2 - added a man page which has been a learning experience. > took opportunity to fix typos in commit message. > > include/uapi/linux/pkt_cls.h | 1 + > include/uapi/linux/tc_act/tc_ctinfo.h | 34 ++++ > man/man8/tc-ctinfo.8 | 170 ++++++++++++++++ > tc/Makefile | 1 + > tc/m_ctinfo.c | 268 ++++++++++++++++++++++++++ > 5 files changed, 474 insertions(+) > create mode 100644 include/uapi/linux/tc_act/tc_ctinfo.h > create mode 100644 man/man8/tc-ctinfo.8 > create mode 100644 tc/m_ctinfo.c >
Dropped the uapi bits; those are applied separately and fixed a few lines that had spaces at the end. applied to iproute2-next. Thanks
