Adding flower rule results in unexpected output in tc -s filter show

[dennisafa]

Hello! I'm adding a flower rule to a qdisc like so:

var dst_port_test = uint16(1)
flower := tc.Flower{ClassID: cid, KeyEncUDPDstPort: &dst_port_test}
...
rtnl.Filter().Add(&obj_flower)

I expect to see a tc flower rule that matches on destination port ID of 1. Instead, I get this:

filter protocol all pref 49152 flower chain 0
filter protocol all pref 49152 flower chain 0 handle 0x1
  enc_dst_port 256
  not_in_hw

The outcome in the flow rules is always dst_port * 256. Perhaps there is a bug in marshalling the data?

[florianl]

Hi @dennisafa
Thanks for reporting this issue!
It was a problem with the endianess for attributes passed to the kernel and got fixed in 648c1f4.

Can you confirm it got fixed?

[dennisafa]

Hi @dennisafa

Thanks for reporting this issue!

It was a problem with the endianess for attributes passed to the kernel and got fixed in 648c1f4.

Can you confirm it got fixed?

Thanks so much for getting to this so quickly! I will test it today.

[dennisafa]

Awesome, I'm getting the correct flow rule output now:

filter protocol all pref 49152 flower chain 0
filter protocol all pref 49152 flower chain 0 handle 0x1
  enc_key_id 2
  enc_dst_port 4789
  not_in_hw

In addition to this - I am trying to add actions that are applied on a match of this rule. My end goal is to have a flow rule that looks like this:

filter protocol all pref 1 flower chain 0
filter protocol all pref 1 flower chain 0 handle 0x1
  enc_key_id 2
  enc_dst_port 4789
  not_in_hw
	action order 1: vlan  push id 3 protocol 802.1Q priority 0 pipe
	 index 1 ref 1 bind 1 installed 1 sec used 1 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
	backlog 0b 0p requeues 0

	action order 2: vlan  push id 4 protocol 802.1Q priority 0 pipe
	 index 2 ref 1 bind 1 installed 1 sec used 1 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
	backlog 0b 0p requeues 0

	action order 3: mirred (Egress Redirect to device eth0) stolen
	index 1 ref 1 bind 1 installed 1 sec used 1 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
	backlog 0b 0p requeues 0

My current code is to construct an actions array and add that to the Matchall object, then add that to the qdisc using Chain().Add(). However, I get an "operation not supported" error. Here is my code:

        var egress_mirror uint32 = 0x2
        vlan_endpoint_action := tc.VLan{PushID: params.vlan_endpoint, PushProtocol: push_protocol, PushPriority: push_pri}
	vlan_link_action := tc.VLan{PushID: params.vlan_link, PushProtocol: push_protocol, PushPriority: push_pri}
	mirred_action := tc.Mirred{Parms: &tc.MirredParam{Index: 0x1, Capab: 0x0, Action: 0x4, RefCnt: 0x1, BindCnt: 0x1, Eaction: egress_mirror, IfIndex: params.iface_ingress_index}}

	/* Create the actions array, which is passed to the Matchall filter in Attribute */
	actions := []*tc.Action{
		{Kind: "vlan", VLan: &vlan_endpoint_action},
		{Kind: "vlan", VLan: &vlan_link_action},
		{Kind: "mirred", Mirred: &mirred_action},
	}
	matchall := tc.Matchall{ClassID: cid, Actions: &actions}

        if err := params.rtnl.Chain().Add(&obj_matchall); err != nil {
		fmt.Fprintf(os.Stderr, "could not add filter matchall: %v\n", err)
	} else {
		fmt.Fprintf(os.Stderr, "added filter matchall\n")
	}

Error: could not add filter matchall: netlink receive: operation not supported
Is there anything that I should be doing differently here? I really appreciate any help! Thanks for your time!

[dennisafa]

Update - I managed to figure out how to add actions to a flower rule. I edited flower.go to use the tcaFlowerAct index, and added marshalling/unmarshalling logic. I'll open a PR for this so that others may use it.