Date:	Sun, 8 Mar 2009 01:15:41 +0200
From:	Denys Fedoryschenko <denys@...p.net.lb>
To:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	alexander.h.duyck@...el.com, shemminger@...l.org
Subject: skbedit action chaining with other actions - will fail

If I am chaining skbedit with another action, packets will not reach the next (by
order) action. Here is an example:

Command
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action skbedit priority 0x${lowid} \
action mirred egress redirect dev ifb0"

and for ipt example
    echo "filter add dev $2 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 \
action ipt -j MARK --set-mark ${id} \
action mirred egress redirect dev ifb0"


Here is skbedit (mirred will fail)

filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 569 success 569)
  match 00000000/00000000 at 0 (success 569 )
        action order 1:  skbedit priority :7 installed 121 sec used 8 sec       
Action statistics:
        Sent 103528 bytes 569 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 706 ref 1 bind 1 installed 121 sec used 121 sec
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

But for example ipt works fine
filter protocol ip pref 10 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 
1:1  (rule hit 5023 success 5023)
  match 00000000/00000000 at 0 (success 5023 )
        action order 1: tablename: mangle  hook: NF_IP_PRE_ROUTING
        target MARK xset 0x65/0xffffffff
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb0) stolen
        index 190508 ref 1 bind 1 installed 792 sec used 0 sec
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        rate 0bit 0pps backlog 0b 0p requeues 0




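The symptom reported above can be checked mechanically. The following is an added example, not part of the original post or of iproute2: it parses `tc -s filter show` statistics and flags a chain where one action counted packets but the next action counted none. The function names are hypothetical, and the sample text is trimmed from the output quoted in the post.

```python
import re

ACTION_RE = re.compile(r"action order (\d+):\s*(\S+)")
SENT_RE = re.compile(r"Sent \d+ bytes (\d+) pkt")

# Trimmed from the `tc -s filter show` output quoted in the post.
SKBEDIT_OUTPUT = """\
  match 00000000/00000000 at 0 (success 569 )
        action order 1:  skbedit priority :7 installed 121 sec used 8 sec
Action statistics:
        Sent 103528 bytes 569 pkt (dropped 0, overlimits 0 requeues 0)
        action order 2: mirred (Egress Redirect to device ifb0) stolen
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
"""
IPT_OUTPUT = """\
        action order 1: tablename: mangle  hook: NF_IP_PRE_ROUTING
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
        action order 2: mirred (Egress Redirect to device ifb0) stolen
        Action statistics:
        Sent 999442 bytes 5023 pkt (dropped 0, overlimits 0 requeues 0)
"""

def parse_actions(text):
    """Return [(order, kind, packets)] for one filter's action chain."""
    actions = []
    for line in text.splitlines():
        m = ACTION_RE.search(line)
        if m:
            # The ipt action prints "tablename: ..." where others print their name.
            kind = "ipt" if m.group(2).startswith("tablename") else m.group(2)
            actions.append([int(m.group(1)), kind, None])
            continue
        m = SENT_RE.search(line)
        if m and actions and actions[-1][2] is None:
            actions[-1][2] = int(m.group(1))
    return [tuple(a) for a in actions]

def stalled_links(actions):
    """Return (prev_kind, next_kind, prev_packets) where the chain stops."""
    chain = sorted(actions, key=lambda a: a[0])
    return [(p[1], n[1], p[2]) for p, n in zip(chain, chain[1:])
            if p[2] and n[2] == 0]

if __name__ == "__main__":
    for name, text in (("skbedit", SKBEDIT_OUTPUT), ("ipt", IPT_OUTPUT)):
        print(name, stalled_links(parse_actions(text)))
```

A non-empty result for a filter means traffic is being matched and counted by one action without ever arriving at the action chained after it, so a redirect or mirror expected downstream is not seeing that traffic.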
