net: pkt_filter: Add priority filters to enable quality of service

[ClaCodes]

Quality of Service for Ethernet

To enable quality-of-service (QoS) applications, add net_pkt_filters with result NET_CONTINUE, that allow to change the priority of an incoming packet dynamically. Then the processing of a network packet will happen on the respective traffic-class-queue. This enables a gradual degrading of availabilit of a service based on its priority (user application configurable).

Results (Sample in this PR)

With QoS

c (x) := command service for priority x (high means higher priority)

e (x) := echo service for priority x (high means higher priority)

Without QoS

c (x) := command service for priority x (high means higher priority)

e (x) := echo service for priority x (high means higher priority)

Future Work

• Implement deferring before net_conn_input
• QoS for UDP
• QoS for TCP

[rlubos]

Some initial feedback (on the topmost 2 commits).

[ClaCodes]

@rlubos
I reverted along the lines of discussion.
Note that, if we go with the current approach of the RFC, we would have to add the snippet to multiple places:

+               update_priority_l2(pkt);
+               if (!being_processed_by_correct_thread(pkt)) {
+                       net_queue_rx(net_pkt_iface(pkt), pkt);
+                       return NET_OK;
+               }

For example after extracting the l2-header but before: STRUCT_SECTION_FOREACH(net_l3_register, l3) { such that for example arp packets can be offloaded on to another traffic class queue.
and after ip-header processing etc ...

I believe, that a loop and a if-else-chain or a switch would be more readable. Presumably the added computation cost is negligible?

void process_data(struct net_pkt *pkt)
{
    // switch would only work if raw packet sockets not needed for loop back etc.
    switch (pkt->step) {
    case STEP_1:
        do_step_1();
        return NET_CONTINUE;
    case STEP_2:
        do_step_2();
        return NET_CONTINUE;
    case STEP_3:
        do_step_3();
        return NET_CONTINUE;
        // ...
    }
}

void processing_data(struct net_pkt *pkt)
{
    enum net_verdict verdict = NET_CONTINUE;
    do {
        verdict = process_data(pkt);
        if (verdict != NET_CONTINUE) {
            break;
        }
        update_prio(pkt, pkt->step);
        if (!on_correct_thread(pkt)) {
            net_queue_rx(pkt);
            verdict = NET_OK;
        }
    } while (verdict == NET_CONTINUE);
    // ... unref
}

If we do not do this, it will be very hard to follow at which point the processing can be interrupted and then recontinued later. This may be an easy source of bugs.

[ClaCodes]

• Rebased

Note: contains all commits from #93246 and adds two commit

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
1.6% Duplication on New Code

See analysis details on SonarQube Cloud

[rlubos]

I think packet rescheduling logic turned out pretty straightforward and looks fine, however I think we need to think on how would the priority updating look like in practice.

[tpambor]

@ClaCodes Could you rebase this PR as the prerequisites #93246 and #93050 have been merged

[ClaCodes]

• rebased
• fixed nits and typos
• Added to net filter shell command -> led to net: tc-mapping: Fix SKIP_FOR_HIGH_PRIO #97877 (additional commit)
• Added priority filters to the existing sample in net/pkt_filter. Running net filter on that sample now gives:

Rule  Type        Verdict   Pkt-Prio  Queue  Thread-Prio  Tests
[ 1]  recv        CONTINUE         1      0            1  1    iface[1]
[ 2]  recv        CONTINUE         7      1         SKIP  2    iface[1],eth type[0x88f7]
[ 3]  recv        CONTINUE         2      0            1  2    iface[1],eth type[0x8100]
[ 4]  recv        CONTINUE         1      0            1  2    iface[2],eth vlan type[0x0806]
[ 5]  recv        CONTINUE         1      0            1  2    iface[3],eth vlan type[0x0806]
[ 6]  recv        OK             N/A    N/A          N/A  3    iface[2],eth vlan type[0x0800],size max[200]
[ 7]  recv        OK             N/A    N/A          N/A  3    iface[3],eth vlan type[0x0800],size min[100]
[ 8]  recv        OK             N/A    N/A          N/A  1    iface[1]
[ 9]  recv        OK             N/A    N/A          N/A  2    iface[2],eth vlan type[0x0806]
[10]  recv        OK             N/A    N/A          N/A  2    iface[3],eth vlan type[0x0806]
[11]  recv        DROP           N/A    N/A          N/A  0    

[ClaCodes]

inverted boolean logic and fixed a problem introduced in earlier revision

[jukkar]

typo s/virual/virtual/

[jukkar]

typo s/virutal/virtual/

[jukkar]

ditto

[Copilot]

Pull Request Overview

Enable QoS by introducing priority-only packet filter rules that adjust packet priority (and thus TC queue) without deciding the final verdict, plus supporting infrastructure and a demonstrative Ethernet sample.

• Add NET_CONTINUE handling in packet filters and a new NPF_PRIORITY macro to set packet priority and continue evaluation
• Refactor TC thread priority computation with base/spread configs; add helpers and unify immediate-queue checks
• Introduce a QoS Ethernet sample, enhance shell filter output to show priority, queue, and thread priority

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
subsys/net/pkt_filter/base.c	Add NET_CONTINUE path to set packet priority and continue rule evaluation
include/zephyr/net/net_pkt_filter.h	Add priority field to npf_rule and a new NPF_PRIORITY macro
subsys/net/lib/shell/filter.c	Extend shell output to display priority-to-TC mapping and thread priorities
subsys/net/ip/net_tc.c	Replace lookup tables with computed thread priorities using base/spread; add exported helpers
subsys/net/ip/net_private.h	Add helper APIs and inline “immediate” checks for RX/TX
subsys/net/ip/net_if.c	Use new net_tc_tx_is_immediate helper
subsys/net/ip/net_core.c	Use new net_tc_rx_is_immediate helper
subsys/net/ip/Kconfig	Add configurable TX/RX thread priority spread options
samples/net/qos/ethernet/*	New QoS Ethernet sample demonstrating priority-based degradation and echo/command services
samples/net/pkt_filter/src/main.c	Add and order priority rules; comments and rule set updates for VLAN sample
samples/net/pkt_filter/prj.conf	Enable RX TCs and skip-for-high-prio in sample
doc/connectivity/networking/api/net_pkt_filter.rst	Document NET_CONTINUE semantics and NPF_PRIORITY usage with example
samples/net/qos/* (docs/yaml/cmake)	Sample metadata, build, and documentation

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

simulated_work_time is read/written from multiple threads (RX handler and TX send path) without synchronization, which is a data race. Use atomic_t with atomic_set/atomic_get, or protect access with a mutex; for example: replace with static atomic_t simulated_work_time; set with atomic_set(&simulated_work_time, work); and read with posix_cpu_hold((uint32_t)atomic_get(&simulated_work_time)).

[ClaCodes]

Yes, as I noted with the comment. But it is very unlikely, that is written while readers are active, and I would like to avoid them blocking each other.

[Copilot]

net_pkt_ll_proto_type() returns uint16_t, but the format specifier uses %d (signed int). Use %u or PRIu16 to avoid incorrect logging on larger values: LOG_INF("sending service %u, pkt %p", (unsigned)net_pkt_ll_proto_type(pkt), pkt);

Suggested change

	LOG_INF("sending service %d, pkt %p", net_pkt_ll_proto_type(pkt), pkt);
	LOG_INF("sending service %u, pkt %p", net_pkt_ll_proto_type(pkt), pkt);

[Copilot]

Corrected spelling of 'virual' to 'virtual'.

[Copilot]

Corrected spelling of 'virutal' to 'virtual'.

[Copilot]

Corrected spelling of 'virutal' to 'virtual'.

[Copilot]

[nitpick] Use the strong type enum net_priority for the priority field to improve type safety and self-documentation: change to enum net_priority priority; and adjust NPF_PRIORITY macro accordingly.

Suggested change

	uint8_t priority; /**< priority in case of NET_CONTINUE */
	enum net_priority priority; /**< priority in case of NET_CONTINUE */

[Copilot]

Add a runtime range check for tc to prevent out-of-range access in case of future callers: e.g., NET_ASSERT(tc >= 0 && tc < NET_TC_TX_COUNT); before using tc.

[Copilot]

Add a runtime range check for tc to ensure it is within [0, NET_TC_RX_COUNT): e.g., NET_ASSERT(tc >= 0 && tc < NET_TC_RX_COUNT);

[Copilot]

Constrain these integers with a non-zero positive range to avoid invalid configurations (e.g., add range 1 255 or an appropriate upper bound): range 1 255.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ClaCodes]

• rebased
• fix nits, suggestions and typos

[pdgendt]

In the future, try to avoid force pushing a rebase combined with changes. This makes the "compare" function in Github useless.

[ClaCodes]

In the future, try to avoid force pushing a rebase combined with changes. This makes the "compare" function in Github useless.

Will do. Sorry for causing overhead.