On Fri, Jun 17, 2022 at 03:32:59PM +0200, Davide Caratti wrote:
> commit 4ddc844eb81da59bfb816d8d52089aba4e59e269 upstream.
>
> in current Linux, MTU policing does not take into account that packets at
> the TC ingress have the L2 header pulled. Thus, the same TC police action
> (with the same value of tcfp_mtu) behaves differently for ingress/egress.
> In addition, the full GSO size is compared to tcfp_mtu: as a consequence,
> the policer drops GSO packets even when individual segments have the L2 +
> L3 + L4 + payload length below the configured valued of tcfp_mtu.
>
> Improve the accuracy of MTU policing as follows:
> - account for mac_len for non-GSO packets at TC ingress.
> - compare MTU threshold with the segmented size for GSO packets.
> Also, add a kselftest that verifies the correct behavior.
>
> [dcaratti: fix conflicts due to lack of the following commits:
> - commit 2ffe0395288a ("net/sched: act_police: add support for
> packet-per-second policing")
> - commit 53b61f29367d ("selftests: forwarding: Add tc-police tests for
> packets per second")]
> Link: https://lore.kernel.org/netdev/876d597a0ff55f6ba786f73c5a9fd9eb8d597a03.1644514748.git.dcaratti@xxxxxxxxxx
> Signed-off-by: Davide Caratti <dcaratti@xxxxxxxxxx>
> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> ---
> net/sched/act_police.c | 16 +++++-
> .../selftests/net/forwarding/tc_police.sh | 52 +++++++++++++++++++
> 2 files changed, 67 insertions(+), 1 deletion(-)
Both now queued up, thanks.
greg k-h
