Re: [PATCH net] octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
From: Asbjørn Sloth Tønnesen
Date: Fri Apr 12 2024 - 05:07:19 EST
Hi Suman,
On 4/12/24 5:34 AM, Suman Ghosh wrote:
if (match.mask->flags & FLOW_DIS_IS_FRAGMENT) {
+ val = match.key->flags & FLOW_DIS_IS_FRAGMENT;
if (ntohs(flow_spec->etype) == ETH_P_IP) {
- flow_spec->ip_flag = IPV4_FLAG_MORE;
+ flow_spec->ip_flag = val ? IPV4_FLAG_MORE : 0;
[Suman] Do we need this? If user provide the command "tc filter add .... ip_flags nofrags" then the above if check should not be hit right? If we are inside the check then we always want to set IPV4_FLAG_MORE right?
In iproute2, the "frag"/"nofrag" is parsed in flower_parse_matching_flags(),
it sets TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT in TCA_FLOWER_KEY_FLAGS and
TCA_FLOWER_KEY_FLAGS_MASK.
Back in the kernel, in fl_set_key_flags() (net/sched/cls_flower.c) then,
directly translates TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT into FLOW_DIS_IS_FRAGMENT,
while only setting the key bit, if the mask bit is being set.
There are therefore 3 possible cases:
- `tc flower ...` (no ip_flags frag or nofrag)
(match.key->flags & FLOW_DIS_FIRST_FRAG) is false
(match.mask->flags & FLOW_DIS_FIRST_FRAG) is false
- `tc flower ... ip_flags nofrag`
(match.key->flags & FLOW_DIS_FIRST_FRAG) is false
(match.mask->flags & FLOW_DIS_FIRST_FRAG) is true
- `tc flower ... ip_flags frag`
(match.key->flags & FLOW_DIS_FIRST_FRAG) is true
(match.mask->flags & FLOW_DIS_FIRST_FRAG) is true
The `nofrag` case will still have the mask bit set, and hence pass the entry condition.
>> flow_mask->ip_flag = IPV4_FLAG_MORE;
Yes, you should always set IPV4_FLAG_MORE in flow_mask, but not always in flow_spec.
--
Best regards
Asbjørn Sloth Tønnesen
Network Engineer
Fiberby - AS42541