Merge pull request #583 from LibreQoE/is_is_isnt_isis

Allow IS-IS packets to pass unmolested
2025-02-25 18:55:32 -06:00 · 2024-12-10 12:45:43 -06:00
parent 0e0ee5daf7 78894e7888
commit 1a082bbfd6
3 changed files with 13 additions and 9 deletions
--- a/src/rust/lqos_sys/src/bpf/common/dissector.h
+++ b/src/rust/lqos_sys/src/bpf/common/dissector.h
@@ -159,8 +159,8 @@ static __always_inline bool dissector_find_l3_offset(
        return true;
    }

-    // Fast return for ARP or non-802.3 ether types
-    if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN)
+    // Fast return for ARP or non-802.3 ether types (0xFEFE is IS-IS)
+    if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN || eth_type == 0xFEFE)
    {
        return false;
    }
--- a/src/rust/lqos_sys/src/bpf/common/dissector_tc.h
+++ b/src/rust/lqos_sys/src/bpf/common/dissector_tc.h
@@ -77,6 +77,13 @@ static __always_inline bool tc_dissector_find_l3_offset(
    __u32 offset = sizeof(struct ethhdr);
    __u16 eth_type = bpf_ntohs(dissector->ethernet_header->h_proto);

+    // Fast return for ARP or non-802.3 ether types/
+    // 0xFEFE is the ethertype used to ISIS
+    if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN || eth_type == 0xFEFE)
+    {
+        return false;
+    }
+
    // Fast return for unwrapped IP
    if (eth_type == ETH_P_IP || eth_type == ETH_P_IPV6)
    {
@@ -85,12 +92,6 @@ static __always_inline bool tc_dissector_find_l3_offset(
        return true;
    }

-    // Fast return for ARP or non-802.3 ether types
-    if (eth_type == ETH_P_ARP || eth_type < ETH_P_802_3_MIN)
-    {
-        return false;
-    }
-
    // Walk the headers until we find IP
    __u8 i = 0;
    while (i < 10 && !is_ip(eth_type))
--- a/src/rust/lqos_sys/src/bpf/lqos_kern.c
+++ b/src/rust/lqos_sys/src/bpf/lqos_kern.c
@@ -107,7 +107,7 @@ int xdp_prog(struct xdp_md *ctx)
    bpf_debug("(XDP) Scan VLANs: %u %u", internet_vlan, isp_vlan);
 #endif
    // If the dissector is unable to figure out what's going on, bail
-    // out.
+    // out. This specifically permits non-IP packets to pass unmolested.
    if (!dissector_new(ctx, &dissector)) return XDP_PASS;

    // Note that this step rewrites the VLAN tag if redirection
@@ -308,6 +308,9 @@ int tc_iphash_to_cpu(struct __sk_buff *skb)
    // we probably don't want to drop it - to ensure that IS-IS, ARP, STP
    // and other packet types are still handled by the default queues.
    struct tc_dissector_t dissector = {0};
+    // If the dissector returns false, return TC_ACT_OK to pass the packet
+    // unmolested/unshaped. This is designed to pass STP and similar non-IP
+    // traffic.
    if (!tc_dissector_new(skb, &dissector)) return TC_ACT_OK;
    if (!tc_dissector_find_l3_offset(&dissector)) return TC_ACT_OK;
    if (!tc_dissector_find_ip_header(&dissector)) return TC_ACT_OK;