git.proxmox.com Git - mirror_ovs.git/commit
netdev-offload-tc: Expand tunnel source IPs masked match
author Tonghao Zhang <xiangxia.m.yue@gmail.com>
Tue, 2 Jun 2020 13:50:25 +0000 (21:50 +0800)
committer Simon Horman <simon.horman@netronome.com>
Wed, 3 Jun 2020 07:57:16 +0000 (09:57 +0200)
commit 3f82ac1fe36d6d8ad9b21750e7d878394f031147
tree f73aa4fb3f63e3bdac65d2e2d9f9778b04ca8f78
parent 5f568d049130fb481e41fdf9a290b6d1e3a7f23a

To support more use cases, for example DDoS, where
packets should be dropped in hardware, this patch
allows users to match only the tunnel source IPs with
a masked value.

$ ovs-appctl dpctl/add-flow "tunnel(src=2.2.2.0/255.255.255.0,tp_dst=4789,ttl=64),\
  recirc_id(2),in_port(3),eth(),eth_type(0x0800),ipv4()" ""

$ ovs-appctl dpctl/dump-flows
  tunnel(src=2.2.2.0/255.255.255.0,ttl=64,tp_dst=4789) ... actions:drop
$ tc filter show dev vxlan_sys_4789 ingress
  ...
  eth_type ipv4
  enc_src_ip 2.2.2.0/24
  enc_dst_port 4789
  enc_ttl 64
  in_hw in_hw_count 2
    action order 1: gact action drop
    ...

Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Acked-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
lib/netdev-offload-tc.c
lib/odp-util.c
lib/packets.h
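
The flow above is written with a dotted mask (src=2.2.2.0/255.255.255.0) and tc reports it as enc_src_ip 2.2.2.0/24. As an added example, not code from this commit or from OVS, the following C shows that masked-match semantics and the mask-to-prefix conversion; the type and function names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type for this example (not an OVS structure); host byte order. */
struct masked_ip4 { uint32_t addr, mask; };

/* Parse "A.B.C.D/M.M.M.M" as in the dpctl flow. 0 on success, -1 if malformed. */
static int parse_masked_ip4(const char *s, struct masked_ip4 *out)
{
    char buf[40], *slash;
    struct in_addr a, m;

    if (strlen(s) >= sizeof buf) return -1;
    strcpy(buf, s);
    if (!(slash = strchr(buf, '/'))) return -1;
    *slash = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1 || inet_pton(AF_INET, slash + 1, &m) != 1)
        return -1;
    out->mask = ntohl(m.s_addr);
    out->addr = ntohl(a.s_addr) & out->mask;   /* drop bits outside the mask */
    return 0;
}

/* Prefix length for a contiguous mask; -1 if it has holes and so has no /N form. */
static int mask_to_prefix(uint32_t mask)
{
    uint32_t inv = ~mask;
    int len = 0;
    if (inv & (inv + 1)) return -1;            /* ~mask must be 2^n - 1 */
    for (; mask; mask >>= 1) len += mask & 1;  /* count set bits */
    return len;
}

/* 1 if the outer (tunnel) source address falls under the masked match. */
static int tunnel_src_matches(const struct masked_ip4 *r, const char *src)
{
    struct in_addr a;
    if (inet_pton(AF_INET, src, &a) != 1) return 0;
    return (ntohl(a.s_addr) & r->mask) == r->addr;
}

int main(void)
{
    struct masked_ip4 r;   /* sample addresses below are constructed */
    if (parse_masked_ip4("2.2.2.0/255.255.255.0", &r)) return 1;
    printf("/%d in:%d out:%d\n", mask_to_prefix(r.mask),
           tunnel_src_matches(&r, "2.2.2.77"), tunnel_src_matches(&r, "2.2.3.1"));
    return 0;
}
```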