lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 12 May 2010 13:20:42 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	hadi@...erus.ca
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] net sched: cleanup and rate limit warning

On Wed, 12 May 2010 15:13:48 -0400
jamal <hadi@...erus.ca> wrote:

> Thanks for the info Stephen.
> 
> On Wed, 2010-05-12 at 11:17 -0700, Stephen Hemminger wrote:
> 
> > The Vyatta syntax is:
> > 
> >  traffic-limiter test-traffic-limit {
> >      class 2048 {
> >          bandwidth 1mbit
> >          burst 500kbit
> >          match onebox {
> >              ip {
> >                  destination {
> >                      address 192.168.100.99/32
> >                  }
> >              }
> >          }
> >      }
> >  }
> > 
> 
> ;-> I guess kids these days prefer juniperism over ciscoism?
> Why dont they just learn linuxism?;->
> 
> > Which generates these TC commands.
> > 
> > root@VC6:~# tc qdisc show dev eth0
> > qdisc pfifo_fast 0: root bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
> > qdisc ingress ffff: parent ffff:fff1 ---------------- 
> > 
> > root@VC6:~# tc filter show dev eth0 parent ffff:
> > filter protocol all pref 20 u32 
> > filter protocol all pref 20 u32 fh 800: ht divisor 1 
> > filter protocol all pref 20 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid ffff:800 
> >   match c0a86463/ffffffff at 16
> >  police 0x3 rate 1000Kbit burst 63999b mtu 2Kb action reclassify overhead 0b 
> > ref 1 bind 1
> > 
> > 
> > I think the bad part is the huge burst size.
> 
> That may be - but it seems your tool is the culprit.
> It is generating wrong tc commands if i read the intent correctly.
> Basically what the tc command is saying is "if you exceed the 1Mbit upto
> a burst of 500kbit then reclassify".
> "Reclassify" means literally that: to reuse the same classification rule
> again, which will find that  we have exceeded 1M which will ask
> reclassify .... loop.... I am glad that code is there ;->

The tool isn't generating an action (just tc filter ... police ..)
so it is getting the unfortunate default of reclassify.


-- 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ