lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Thu, 16 Jun 2011 23:21:45 +0300
From:	Doru Petrescu <pdoru@...x.ro>
To:	Stephen Hemminger <shemminger@...tta.com>
Cc:	ierdnah@...il.com, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: tc match MAC destination - nothing matches on protocol 802_3

On Thu, 2011-06-16 at 08:51 -0700, Stephen Hemminger wrote:
> On Thu, 16 Jun 2011 10:56:52 +0300
> Doru Theodor Petrescu <pdoru.kernel@...x.ro> wrote:
> 
> > 
> > 
> > I updated my scripts to use the 'tc filter ... match ether src/dst'
> > syntax. it really makes reading the script easier. thanks for the tip!
> > 
> > however the problem persists. I changed the rule to match ANY pachet of
> > type 802_3 and redirect it to ifb1. but nothing arrives on ifb1.
> > 
> > I tried to redirect ARP pachets using 'protocol arp' filter and it works
> > perfectly as expected.
> > 
> > so at this point the problem is no longer 'how to match ethernet header'
> > but rather 'how to match a pachet of type 802_3'. My feeling is that
> > there is a bug somewhere in kernel where the 'protocol 802_3' matching
> > happens.
> > 
> > 
> > I attach part of the script I use to generate the filters and classes. I
> > removed everything related to HTB and IP pachets because there is no
> > problem there. in case the formating is lost, you can download it from
> > here: http://evox.ro/kernel_netdev_tc_protocol_802.3/
> > 
> > 
> > Thx for any help,
> > Doru Theodor Petrescu
> > CTO, Evox Solutions SRL
> > http://evox.ro/
> > 
> > 
> > 
> > for DEV in bond0.2199 bond1.2199 bond0.3000 bond1.3001 ; do
> > 
> > 
> >    tc qdisc  del dev $DEV root
> > 
> >    tc qdisc  add dev $DEV root handle 1: htb default 2
> >    tc class  add dev $DEV parent 1: classid 1:1 htb rate 930000kbit ceil
> > 930000kbit quantum 1600
> >    
> >    tc filter add dev $DEV parent 1: prio 5 protocol ip u32
> > # ==> 800:
> > 
> >    tc filter add dev $DEV parent 1: prio 1 protocol 0x0806 u32
> > # ==> 801:      protocol ARP
> >    tc filter add dev $DEV parent 1: prio 1 handle 801:0:7 protocol
> > 0x0806 u32  match u32 0 0 flowid 1:3
> > 
> >    tc filter add dev $DEV parent 1: prio 2 protocol 802_3 u32
> > # ==> 802:
> > 
> >    tc filter add dev $DEV parent 1: prio 6 protocol ip u32
> > # ==> 803:
> > 
> > 
> >    tc filter replace dev $DEV parent 1: prio 2 handle 802:0:3  protocol
> > 802_3 u32 match u16 0 0 at 0 flowid 1:3 action mirred egress mirror dev
> > ifb1
> >    tc filter replace dev $DEV parent 1: prio 2 handle 802:0:9  protocol
> > 802_3 u32 match ether src 01:00:0c:cc:cc:cd flowid 1:3 action mirred
> > egress mirror dev ifb1
> >    tc filter replace dev $DEV parent 1: prio 2 handle 802:0:10 protocol
> > 802_3 u32 match ether dst 01:00:0c:cc:cc:cd flowid 1:3 action mirred
> > egress mirror dev ifb1
> > 
> > done
> > 
> > 
> > # the 802_3 pachet filter:   
> > # 
> > # 802:0:3 should match ANY pachet of type 802_3 and mirror it to ifb1
> > # 802:0:9 and 802:0:10 should match any pachet with src/dst
> > 01:00:0c:cc:cc:cd and mirror it to ifb1
> > #
> > # however NOTHING is going to ifb1    try 'tcpdump -nltve -i ifb1'
> > # at the same time 'tcpdump -nltve -i bond1.2199 ether host
> > 0100.0ccc.cccd' will show about one pachet every second
> > # 
> > 
> > 
> > # at the same time the ARP filter works. you can mirror all ARP trafic
> > to IFB1 like this:
> > # tc filter replace dev $DEV parent 1: prio 1 handle 801:0:7 protocol
> > 0x0806 u32  match u32 0 0 flowid 1:3 action mirred egress mirror dev
> > ifb1
> 
> I think you want 802_2 to match STP frames. 802_3 is a dummy value
> for the old Novell IPX encapsulation




well, this is what TCPDUMP will print:
00:1d:45:d7:19:7a > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP
(0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco
(0x00000c), pid Unknown (0x010b): Unnumbered, ui, Flags [Command],
length 50


it thinks it's 802.3 so this is why I used 802_3


I just tried your advice and created a filter with protocol 802_2 and
guess what ... IT WORKS !!!


so, don't use 'protocol 802.3' use 'protocol 802.2' in tc filters!

thanks everybody!
D.




--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists