From affb07ceb2078dda6cdd32fbb1655e10faa24204 Mon Sep 17 00:00:00 2001 From: khramshinr Date: Tue, 12 Nov 2024 14:11:05 +0800 Subject: [PATCH] T6796: QoS: match filter by interface(iif) --- python/vyos/ifconfig/interface.py | 15 +++++++++++++++ python/vyos/qos/base.py | 8 +++++++- smoketest/scripts/cli/test_qos.py | 26 +++++++++++++++++++++++++- src/conf_mode/qos.py | 8 +++++++- 4 files changed, 54 insertions(+), 3 deletions(-) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 002d3da9e8..cd562e1fea 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -98,6 +98,10 @@ class Interface(Control): 'shellcmd': 'ip -json -detail link list dev {ifname}', 'format': lambda j: jmespath.search('[*].ifalias | [0]', json.loads(j)) or '', }, + 'ifindex': { + 'shellcmd': 'ip -json -detail link list dev {ifname}', + 'format': lambda j: jmespath.search('[*].ifindex | [0]', json.loads(j)) or '', + }, 'mac': { 'shellcmd': 'ip -json -detail link list dev {ifname}', 'format': lambda j: jmespath.search('[*].address | [0]', json.loads(j)), @@ -428,6 +432,17 @@ def _add_interface_to_ct_iface_map(self, vrf_table_id: int): nft_command = f'add element inet vrf_zones ct_iface_map {{ "{self.ifname}" : {vrf_table_id} }}' self._nft_check_and_run(nft_command) + def get_ifindex(self): + """ + Get interface index by name + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_ifindex() + '2' + """ + return int(self.get_interface('ifindex')) + def get_min_mtu(self): """ Get hardware minimum supported MTU diff --git a/python/vyos/qos/base.py b/python/vyos/qos/base.py index 98e486e42b..b5610739b5 100644 --- a/python/vyos/qos/base.py +++ b/python/vyos/qos/base.py @@ -17,6 +17,7 @@ import jmespath from vyos.base import Warning +from vyos.ifconfig import Interface from vyos.utils.process import cmd from vyos.utils.dict import dict_search from vyos.utils.file import read_file @@ -251,7 +252,7 @@ def update(self, config, direction, priority=None): for index, (match, match_config) in enumerate(cls_config['match'].items(), start=1): filter_cmd = filter_cmd_base if not has_filter: - for key in ['mark', 'vif', 'ip', 'ipv6']: + for key in ['mark', 'vif', 'ip', 'ipv6', 'interface']: if key in match_config: has_filter = True break @@ -261,9 +262,14 @@ def update(self, config, direction, priority=None): if 'mark' in match_config: mark = match_config['mark'] filter_cmd += f' handle {mark} fw' + if 'vif' in match_config: vif = match_config['vif'] filter_cmd += f' basic match "meta(vlan mask 0xfff eq {vif})"' + elif 'interface' in match_config: + iif_name = match_config['interface'] + iif = Interface(iif_name).get_ifindex() + filter_cmd += f' basic match "meta(rt_iif eq {iif})"' for af in ['ip', 'ipv6']: tc_af = af diff --git a/smoketest/scripts/cli/test_qos.py b/smoketest/scripts/cli/test_qos.py index 77d384024b..92b74216bf 100755 --- a/smoketest/scripts/cli/test_qos.py +++ b/smoketest/scripts/cli/test_qos.py @@ -21,7 +21,7 @@ from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError -from vyos.ifconfig import Section +from vyos.ifconfig import Section, Interface from vyos.utils.process import cmd base_path = ['qos'] @@ -922,6 +922,30 @@ def test_20_round_robin_policy_default(self): tmp[2]['options'], ) + def test_22_policy_limiter_iif_filter(self): + policy_name = 'smoke_test' + base_policy_path = ['qos', 'policy', 'limiter', policy_name] + + self.cli_set(['qos', 'interface', self._interfaces[0], 'ingress', policy_name]) + self.cli_set(base_policy_path + ['class', '100', 'bandwidth', '20gbit']) + self.cli_set(base_policy_path + ['class', '100', 'burst', '3760k']) + self.cli_set(base_policy_path + ['class', '100', 'match', 'test', 'interface', self._interfaces[0]]) + self.cli_set(base_policy_path + ['class', '100', 'priority', '20']) + self.cli_set(base_policy_path + ['default', 'bandwidth', '1gbit']) + self.cli_set(base_policy_path + ['default', 'burst', '125000000b']) + self.cli_commit() + + iif = Interface(self._interfaces[0]).get_ifindex() + tc_filters = cmd(f'tc filter show dev {self._interfaces[0]} ingress') + + # class 100 + self.assertIn('filter parent ffff: protocol all pref 20 basic chain 0', tc_filters) + self.assertIn(f'meta(rt_iif eq {iif})', tc_filters) + self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3847500b mtu 2Kb action drop overhead 0b', tc_filters) + # default + self.assertIn('filter parent ffff: protocol all pref 255 basic chain 0', tc_filters) + self.assertIn('action order 1: police 0x2 rate 1Gbit burst 125000000b mtu 2Kb action drop overhead 0b', tc_filters) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/qos.py b/src/conf_mode/qos.py index 7dfad3180e..6538504c01 100755 --- a/src/conf_mode/qos.py +++ b/src/conf_mode/qos.py @@ -198,10 +198,16 @@ def get_config(config=None): def _verify_match(cls_config: dict) -> None: if 'match' in cls_config: for match, match_config in cls_config['match'].items(): - if {'ip', 'ipv6'} <= set(match_config): + filters = set(match_config) + if {'ip', 'ipv6'} <= filters: raise ConfigError( f'Can not use both IPv6 and IPv4 in one match ({match})!') + if {'interface', 'vif'} & filters: + if {'ip', 'ipv6', 'ether'} & filters: + raise ConfigError( + f'Can not combine protocol and interface or vlan tag match ({match})!') + def _verify_match_group_exist(cls_config, qos): if 'match_group' in cls_config: