From 78894e78885cd27878029f0999354d516f24a8c9 Mon Sep 17 00:00:00 2001 From: Herbert Wolverson Date: Mon, 18 Nov 2024 09:19:43 -0600 Subject: [PATCH] This should allow IS-IS packets to pass. --- src/rust/lqos_sys/src/bpf/common/dissector.h | 4 ++-- src/rust/lqos_sys/src/bpf/common/dissector_tc.h | 13 +++++++------ src/rust/lqos_sys/src/bpf/lqos_kern.c | 5 ++++- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/src/rust/lqos_sys/src/bpf/common/dissector.h b/src/rust/lqos_sys/src/bpf/common/dissector.h index 1e65e651..a827fee4 100644 --- a/src/rust/lqos_sys/src/bpf/common/dissector.h +++ b/src/rust/lqos_sys/src/bpf/common/dissector.h @@ -159,8 +159,8 @@ static __always_inline bool dissector_find_l3_offset( return true; } - // Fast return for ARP or non-802.3 ether types - if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN) + // Fast return for ARP or non-802.3 ether types (0xFEFE is IS-IS) + if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN || eth_type == 0xFEFE) { return false; } diff --git a/src/rust/lqos_sys/src/bpf/common/dissector_tc.h b/src/rust/lqos_sys/src/bpf/common/dissector_tc.h index 5074085a..a3577014 100644 --- a/src/rust/lqos_sys/src/bpf/common/dissector_tc.h +++ b/src/rust/lqos_sys/src/bpf/common/dissector_tc.h @@ -77,6 +77,13 @@ static __always_inline bool tc_dissector_find_l3_offset( __u32 offset = sizeof(struct ethhdr); __u16 eth_type = bpf_ntohs(dissector->ethernet_header->h_proto); + // Fast return for ARP or non-802.3 ether types/ + // 0xFEFE is the ethertype used to ISIS + if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN || eth_type == 0xFEFE) + { + return false; + } + // Fast return for unwrapped IP if (eth_type == ETH_P_IP || eth_type == ETH_P_IPV6) { @@ -85,12 +92,6 @@ static __always_inline bool tc_dissector_find_l3_offset( return true; } - // Fast return for ARP or non-802.3 ether types - if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN) - { - return false; - } - // Walk the headers until we find IP __u8 i = 0; while (i < 10 && !is_ip(eth_type)) diff --git a/src/rust/lqos_sys/src/bpf/lqos_kern.c b/src/rust/lqos_sys/src/bpf/lqos_kern.c index 9dca16d7..65174da8 100644 --- a/src/rust/lqos_sys/src/bpf/lqos_kern.c +++ b/src/rust/lqos_sys/src/bpf/lqos_kern.c @@ -107,7 +107,7 @@ int xdp_prog(struct xdp_md *ctx) bpf_debug("(XDP) Scan VLANs: %u %u", internet_vlan, isp_vlan); #endif // If the dissector is unable to figure out what's going on, bail - // out. + // out. This specifically permits non-IP packets to pass unmolested. if (!dissector_new(ctx, &dissector)) return XDP_PASS; // Note that this step rewrites the VLAN tag if redirection @@ -308,6 +308,9 @@ int tc_iphash_to_cpu(struct __sk_buff *skb) // we probably don't want to drop it - to ensure that IS-IS, ARP, STP // and other packet types are still handled by the default queues. struct tc_dissector_t dissector = {0}; + // If the dissector returns false, return TC_ACT_OK to pass the packet + // unmolested/unshaped. This is designed to pass STP and similar non-IP + // traffic. if (!tc_dissector_new(skb, &dissector)) return TC_ACT_OK; if (!tc_dissector_find_l3_offset(&dissector)) return TC_ACT_OK; if (!tc_dissector_find_ip_header(&dissector)) return TC_ACT_OK;