Date:	Sat, 08 Aug 2009 08:49:41 -0400
From:	jamal <hadi@...erus.ca>
To:	Sergey Popov <popov_sergey@....net>
Cc:	Patrick McHardy <kaber@...sh.net>,
	Stephen Hemminger <stephen.hemminger@...tta.com>,
	netdev@...r.kernel.org
Subject: Re: some bug in iproute2

Sergey,

Hope you don't mind if I cc some other people so we can
resolve this issue because I am looking at the git logs
and seeing tons of activities which affect what you are
trying to do.

On Sat, 2009-08-08 at 08:30 -0400, jamal wrote:
> Hi,
> 
> On Fri, 2009-08-07 at 20:27 +0300, Sergey Popov wrote:
> > On Fri, 07 Aug 2009 10:28:05 -0400


> > Now I want to police the incoming traffic and drop all the packets
> > that exceed the 1000 kbit and redirect packets
> > to ifb, but next line doesn't work as expected [by me]:
> > 
> 
> What distro are you running?
> 
> > # tc f add dev $INETIF parent ffff: proto ip prio 1 u32 match u32 0 0 \
> > action police rate 1000kbit burst 1k drop \
> > action mirred egress redirect dev $IFBIF
> > 
> > Illegal "action"
> > bad action parsing
> > parse_action: bad value (12:police)!
> > Illegal "action"
> 
> Let me try simple version:
> dogo:~# tc q add dev lo ingress
> dogo:~# tc f add dev lo parent ffff: proto ip prio 1 u32 match u32 0 0
> action police rate 1000kbit burst 1k drop action mirred egress redirect
> dev eth0
> Illegal "action"
> bad action parsing
> parse_action: bad value (12:police)!
> Illegal "action"
> dogo:~# 
> 
> Ok, this seems to be a bug with policer...
> Although your syntax above seems wrong since you didn't specify flowid.
> You must specify flowid always or strange things will happen even if
> the syntax is accepted.

Your usage and syntax are perfectly legal and very useful.
The problem is that in the old policer syntax the keyword "action" had some
special meaning. Some old scripts used it and broke if new syntax was
used.
The only clean option I see forward (which doesn't break any legacy stuff
or play acrobatics) is to introduce new action "npolice". Patrick,
thoughts?

cheers,
jamal

