network: tc/cake: introduce FirewallMark= setting

man/systemd.network.xml

@@ -3660,6 +3660,15 @@ Token=prefixstable:2002:da8:1::</programlisting></para>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>FirewallMark=</varname></term>
+        <listitem>
+          <para>Takes an integer in the range 1…4294967295. When specified, firewall-mark-based
+          overriding of CAKE's tin selection is enabled. Defaults to unset, and the kernel's default is
+          used.</para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
   </refsect1>
 

src/network/networkd-network-gperf.gperf

@@ -393,6 +393,7 @@ CAKE.CompensationMode,                       config_parse_cake_compensation_mode
 CAKE.FlowIsolationMode,                      config_parse_cake_flow_isolation_mode,                    QDISC_KIND_CAKE,               0
 CAKE.NAT,                                    config_parse_cake_tristate,                               QDISC_KIND_CAKE,               0
 CAKE.PriorityQueueingPreset,                 config_parse_cake_priority_queueing_preset,               QDISC_KIND_CAKE,               0
+CAKE.FirewallMark,                           config_parse_cake_fwmark,                                 QDISC_KIND_CAKE,               0
 ControlledDelay.Parent,                      config_parse_qdisc_parent,                                QDISC_KIND_CODEL,              0
 ControlledDelay.Handle,                      config_parse_qdisc_handle,                                QDISC_KIND_CODEL,              0
 ControlledDelay.PacketLimit,                 config_parse_controlled_delay_u32,                        QDISC_KIND_CODEL,              0

src/network/tc/cake.c

@@ -90,6 +90,12 @@ static int cake_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req)
                         return log_link_error_errno(link, r, "Could not append TCA_CAKE_DIFFSERV_MODE attribute: %m");
         }
 
+        if (c->fwmark > 0) {
+                r = sd_netlink_message_append_u32(req, TCA_CAKE_FWMARK, c->fwmark);
+                if (r < 0)
+                        return log_link_error_errno(link, r, "Could not append TCA_CAKE_FWMARK attribute: %m");
+        }
+
         r = sd_netlink_message_close_container(req);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not close container TCA_OPTIONS: %m");
@@ -520,6 +526,65 @@ int config_parse_cake_priority_queueing_preset(
         return 0;
 }
 
+int config_parse_cake_fwmark(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        _cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL;
+        CommonApplicationsKeptEnhanced *c;
+        Network *network = data;
+        uint32_t fwmark;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = qdisc_new_static(QDISC_KIND_CAKE, network, filename, section_line, &qdisc);
+        if (r == -ENOMEM)
+                return log_oom();
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
+                           "More than one kind of queueing discipline, ignoring assignment: %m");
+                return 0;
+        }
+
+        c = CAKE(qdisc);
+
+        if (isempty(rvalue)) {
+                c->fwmark = 0;
+                TAKE_PTR(qdisc);
+                return 0;
+        }
+
+        r = safe_atou32(rvalue, &fwmark);
+        if (r < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, r,
+                           "Failed to parse '%s=', ignoring assignment: %s",
+                           lvalue, rvalue);
+                return 0;
+        }
+        if (fwmark <= 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                           "Invalid '%s=', ignoring assignment: %s",
+                           lvalue, rvalue);
+                return 0;
+        }
+
+        c->fwmark = fwmark;
+        TAKE_PTR(qdisc);
+        return 0;
+}
+
 const QDiscVTable cake_vtable = {
         .object_size = sizeof(CommonApplicationsKeptEnhanced),
         .tca_kind = "cake",

src/network/tc/cake.h

@@ -57,6 +57,7 @@ typedef struct CommonApplicationsKeptEnhanced {
 
         /* Priority queue parameters */
         CakePriorityQueueingPreset preset;
+        uint32_t fwmark;
 
 } CommonApplicationsKeptEnhanced;
 
@@ -70,3 +71,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cake_tristate);
 CONFIG_PARSER_PROTOTYPE(config_parse_cake_compensation_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_cake_flow_isolation_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_cake_priority_queueing_preset);
+CONFIG_PARSER_PROTOTYPE(config_parse_cake_fwmark);

test/fuzz/fuzz-network-parser/directives.network

@@ -475,6 +475,7 @@ CompensationMode=
 FlowIsolationMode=
 NAT=
 PriorityQueueingPreset=
+FirewallMark=
 [TrafficControlQueueingDiscipline]
 Parent=
 NetworkEmulatorDelaySec=