lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sun, 22 Oct 2017 11:17:45 -0400
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Phil Sutter <phil@....cc>,
        Stephen Hemminger <stephen@...workplumber.org>,
        Jiri Pirko <jiri@...nulli.us>
Cc:     Lucas Bates <lucasb@...atatu.com>
Subject: Fwd: bug report: iproute2 policer parsing broken


forgot to cc netdev...

cheers,
jamal

-------- Forwarded Message --------
Subject: bug report: iproute2 policer parsing broken
Date: Sun, 22 Oct 2017 10:59:07 -0400
From: Jamal Hadi Salim <jhs@...atatu.com>
To: Phil Sutter <phil@....cc>, Stephen Hemminger 
<stephen@...workplumber.org>, Jiri Pirko <jiri@...nulli.us>
CC: Lucas Bates <lucasb@...atatu.com>


It seems policer parsing with conform-exceed is broken.
I have verified this with a few actions.
git bisect indicates things were working before refactoring
into tc-utils.c - Unfortunately I dont have time to dig.
There seem to be two issues:

1) Has to do with whether you have space before or after "/"

#doesnt work
sudo $TC actions add action police rate 1kbit burst 90k \
conform-exceed  A /B
#doesnt work
sudo $TC actions add action police rate 1kbit burst 90k \
conform-exceed  A/B
#doesnt work
sudo $TC actions add action police rate 1kbit burst 90k \
conform-exceed  A/ B
#works
sudo $TC actions add action police rate 1kbit burst 90k \
conform-exceed  A / B

I tried a few actions but focussed on the "goto chain" and
"jump" actions.

2) specifying and index with "goto chain" but maybe consistent
across other actions

#works
sudo $TC actions add action police rate 1kbit burst 90k conform-exceed 
pipe / goto chain 111

#doesnt work
sudo $TC actions add action police rate 1kbit burst 90k conform-exceed 
pipe / goto chain 111 index 111

I may be able to get to it around netdev2.2 time if nobody else does.

cheers,
jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ