lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2016 14:03:13 +0300 From: Hadar Hen Zion <hadarh@....mellanox.co.il> To: Jamal Hadi Salim <jhs@...atatu.com> Cc: Hadar Hen Zion <hadarh@...lanox.com>, "David S. Miller" <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Jiri Pirko <jiri@...lanox.com>, Jiri Benc <jbenc@...hat.com>, Shmulik Ladkani <shmulik.ladkani@...il.com>, Tom Herbert <tom@...bertland.com>, Eric Dumazet <edumazet@...gle.com>, Cong Wang <xiyou.wangcong@...il.com>, Amir Vadai <amirva@...lanox.com>, Or Gerlitz <ogerlitz@...lanox.com>, Amir Vadai <amir@...ai.me> Subject: Re: [PATCH net-next V5 4/4] net/sched: Introduce act_tunnel_key On Tue, Sep 6, 2016 at 1:49 PM, Jamal Hadi Salim <jhs@...atatu.com> wrote: > On 16-09-04 06:55 AM, Hadar Hen Zion wrote: >> >> From: Amir Vadai <amir@...ai.me> >> >> This action could be used before redirecting packets to a shared tunnel >> device, or when redirecting packets arriving from a such a device. >> >> The action will release the metadata created by the tunnel device >> (decap), or set the metadata with the specified values for encap >> operation. >> >> For example, the following flower filter will forward all ICMP packets >> destined to 11.11.11.2 through the shared vxlan device 'vxlan0'. Before >> redirecting, a metadata for the vxlan tunnel is created using the >> tunnel_key action and it's arguments: >> >> $ filter add dev net0 protocol ip parent ffff: \ >> flower \ >> ip_proto 1 \ >> dst_ip 11.11.11.2 \ >> action tunnel_key set \ >> src_ip 11.11.0.1 \ >> dst_ip 11.11.0.2 \ >> id 11 \ >> action mirred egress redirect dev vxlan0 >> > > > Syntax error above. Regardless: ack, will be fixed. > Please verify by running a test and send a packet or two > and verify that stats are incremented (I know it may sound silly to > ask but it is important). Already tested that tc filter stats are working and incremented as expected :-) . > > >> +static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a, >> + struct tcf_result *res) >> +{ >> + struct tcf_tunnel_key *t = to_tunnel_key(a); >> + struct tcf_tunnel_key_params *params; >> + int action; >> + >> + rcu_read_lock(); >> + >> + params = rcu_dereference(t->params); >> + >> + tcf_lastuse_update(&t->tcf_tm); >> + bstats_cpu_update(this_cpu_ptr(t->common.cpu_bstats), skb); >> + action = params->action; >> + >> + switch (params->tcft_action) { >> + case TCA_TUNNEL_KEY_ACT_RELEASE: >> + skb_dst_drop(skb); >> + break; >> + case TCA_TUNNEL_KEY_ACT_SET: >> + skb_dst_drop(skb); >> + skb_dst_set(skb, >> dst_clone(¶ms->tcft_enc_metadata->dst)); >> + break; >> + default: >> + WARN_ONCE(1, "Bad tunnel_key action.\n"); >> + break; > > > > slow path (_init()) is already checking for a bad tcft_act so it seems > unnecessary to have the default. > If you have to keep default would be useful to print the value as well. ack. > > Other than that looks good. > Acked-by: Jamal Hadi Salim <jhs@...atatu.com> > > cheers, > jamal
Powered by blists - more mailing lists