lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 4 Aug 2017 13:17:41 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Jamal Hadi Salim <jhs@...atatu.com>
Cc:     netdev@...r.kernel.org, jiri@...nulli.us, xiyou.wangcong@...il.com,
        eric.dumazet@...il.com, dsahern@...il.com
Subject: Re: [PATCH iproute2 1/2] tc actions: Improved batching and time
 filtered dumping

On Wed,  2 Aug 2017 07:46:26 -0400
Jamal Hadi Salim <jhs@...atatu.com> wrote:

> From: Jamal Hadi Salim <jhs@...atatu.com>
> 
> dump more than TCA_ACT_MAX_PRIO actions per batch when the kernel
> supports it.
> 
> Introduced keyword "since" for time based filtering of actions.
> Some example (we have 400 actions bound to 400 filters); at
> installation time. Using updated when tc setting the time of
> interest to 120 seconds earlier (we see 400 actions):
> prompt$ hackedtc actions ls action gact since 120000| grep index | wc -l
> 400
> 
> go get some coffee and wait for > 120 seconds and try again:
> 
> prompt$ hackedtc actions ls action gact since 120000 | grep index | wc -l
> 0
> 
> Lets see a filter bound to one of these actions:
> ....
> filter pref 10 u32
> filter pref 10 u32 fh 800: ht divisor 1
> filter pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10  (rule hit 2 success 1)
>   match 7f000002/ffffffff at 12 (success 1 )
>     action order 1: gact action pass
>      random type none pass val 0
>      index 23 ref 2 bind 1 installed 1145 sec used 802 sec
>     Action statistics:
>     Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0)
>     backlog 0b 0p requeues 0
> ...
> 
> that coffee took long, no? It was good.
> 
> Now lets ping -c 1 127.0.0.2, then run the actions again:
> prompt$ hackedtc actions ls action gact since 120 | grep index | wc -l
> 1
> 
> More details please:
> prompt$ hackedtc -s actions ls action gact since 120000
> 
>     action order 0: gact action pass
>      random type none pass val 0
>      index 23 ref 2 bind 1 installed 1270 sec used 30 sec
>     Action statistics:
>     Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
>     backlog 0b 0p requeues 0
> 
> And the filter?
> filter pref 10 u32
> filter pref 10 u32 fh 800: ht divisor 1
> filter pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10  (rule hit 4 success 2)
>   match 7f000002/ffffffff at 12 (success 2 )
>     action order 1: gact action pass
>      random type none pass val 0
>      index 23 ref 2 bind 1 installed 1324 sec used 84 sec
>     Action statistics:
>     Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
>     backlog 0b 0p requeues 0
> 
> Signed-off-by: Jamal Hadi Salim <jhs@...atatu.com>

Applied to net-next branch. Thanks Jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ