net: ipv4: Control SKB reprioritization after forwarding

After IPv4 packets are forwarded, the priority of the corresponding SKB
is updated according to the TOS field of IPv4 header. This overrides any
prioritization done earlier by e.g. an skbedit action or ingress-qos-map
defined at a vlan device.

Such overriding may not always be desirable. Even if the packet ends up
being routed, which implies this is an L3 network node, an administrator
may wish to preserve whatever prioritization was done earlier on in the
pipeline.

Therefore introduce a sysctl that controls this behavior. Keep the
default value at 1 to maintain backward-compatible behavior.

Signed-off-by: Petr Machata <petrm@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 77c37fb0b6a676ee72261e923a8cc785b78adebf..e74515ecaa9c4b8f66e2fe1a59b584f340ffa718 100644 (file)
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -81,6 +81,15 @@ fib_multipath_hash_policy - INTEGER
        0 - Layer 3
        1 - Layer 4
 
+ip_forward_update_priority - INTEGER
+       Whether to update SKB priority from "TOS" field in IPv4 header after it
+       is forwarded. The new SKB priority is mapped from TOS field value
+       according to an rt_tos2priority table (see e.g. man tc-prio).
+       Default: 1 (Update priority.)
+       Possible values:
+       0 - Do not update priority.
+       1 - Update priority.
+
 route/max_size - INTEGER
        Maximum number of routes allowed in the kernel.  Increase
        this when using large numbers of interfaces and/or routes.

diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 661348f23ea5a3a9320b2cafcd17e23960214771..e47503b4e4d178e1ef334f4eb11378a9432bfbf8 100644 (file)
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -98,6 +98,7 @@ struct netns_ipv4 {
        int sysctl_ip_default_ttl;
        int sysctl_ip_no_pmtu_disc;
        int sysctl_ip_fwd_use_pmtu;
+       int sysctl_ip_fwd_update_priority;
        int sysctl_ip_nonlocal_bind;
        /* Shall we try to damage output packets if routing dev changes? */
        int sysctl_ip_dynaddr;

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index ee707b91d1a733e56b448f6e2f60eb2eef36d185..20fda8fb8ffda40a9ec61dead5ebacdbc4c1bc4a 100644 (file)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1801,6 +1801,7 @@ static __net_init int inet_init_net(struct net *net)
         * We set them here, in case sysctl is not compiled.
         */
        net->ipv4.sysctl_ip_default_ttl = IPDEFTTL;
+       net->ipv4.sysctl_ip_fwd_update_priority = 1;
        net->ipv4.sysctl_ip_dynaddr = 0;
        net->ipv4.sysctl_ip_early_demux = 1;
        net->ipv4.sysctl_udp_early_demux = 1;

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index b54b948b059608fc3157fedf40e61519321c6912..32662e9e5d218868341169bba1dc3ab430952c58 100644 (file)
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -143,7 +143,8 @@ int ip_forward(struct sk_buff *skb)
            !skb_sec_path(skb))
                ip_rt_send_redirect(skb);
 
-       skb->priority = rt_tos2priority(iph->tos);
+       if (net->ipv4.sysctl_ip_fwd_update_priority)
+               skb->priority = rt_tos2priority(iph->tos);
 
        return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD,
                       net, NULL, skb, skb->dev, rt->dst.dev,

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 5fa335fd385254def583b9a5100fbe7b9ce94cd6..e21dda01551347b40334f743d55add153b413e3a 100644 (file)
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -663,6 +663,15 @@ static struct ctl_table ipv4_net_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
        },
+       {
+               .procname       = "ip_forward_update_priority",
+               .data           = &init_net.ipv4.sysctl_ip_fwd_update_priority,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec_minmax,
+               .extra1         = &zero,
+               .extra2         = &one,
+       },
        {
                .procname       = "ip_nonlocal_bind",
                .data           = &init_net.ipv4.sysctl_ip_nonlocal_bind,