lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Jan 2018 09:46:09 -0500
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     netdev@...r.kernel.org, davem@...emloft.net,
        xiyou.wangcong@...il.com, mlxsw@...lanox.com, andrew@...n.ch,
        vivien.didelot@...oirfairelinux.com, f.fainelli@...il.com,
        michael.chan@...adcom.com, ganeshgr@...lsio.com,
        saeedm@...lanox.com, matanb@...lanox.com, leonro@...lanox.com,
        idosch@...lanox.com, jakub.kicinski@...ronome.com,
        simon.horman@...ronome.com, pieter.jansenvanvuuren@...ronome.com,
        john.hurley@...ronome.com, alexander.h.duyck@...el.com,
        ogerlitz@...lanox.com, john.fastabend@...il.com,
        daniel@...earbox.net, dsahern@...il.com
Subject: Re: [patch net-next v7 09/13] net: sched: allow ingress and clsact
 qdiscs to share filter blocks

On 18-01-11 09:41 AM, Jiri Pirko wrote:
> Thu, Jan 11, 2018 at 03:37:08PM CET, jhs@...atatu.com wrote:
>> On 18-01-11 09:24 AM, Jiri Pirko wrote:
>>> Thu, Jan 11, 2018 at 02:36:01PM CET, jhs@...atatu.com wrote:
>>>> On 18-01-09 09:07 AM, Jiri Pirko wrote:
>>>>> From: Jiri Pirko <jiri@...lanox.com>
>>>>>
>>>>> Benefit from the previously introduced shared filter blocks
>>>>> infrastructure and allow ingress and clsact qdisc instances to share
>>>>> filter blocks. The block index is coming from userspace as qdisc option.
>>>>
>>>> Didnt quiet follow why ingress is special and needs attributes to
>>>> set the block but other qdiscs didnt.
>>>
>>> Jamal, again, other qdiscs does not support block sharing. This patchset
>>> only adds support for sharing of block for ingress and clsact qdiscs.
>>> Later on, other qdiscs could also support block sharing.
>>>
>>
>> Can you stop a config which says:
>> tc qdisc add dev ens9 root block 22 handle 1:0 prio ?
> 
> Please see the iproute2 patches. Parsing of "block" command line option
> is done inside q_ingress.c
> 

I only looked at the kernel code. Good you can stop it at tc
but the API does not stop it (unless you expect the rest of the
world to only use tc).
Really - there is no reason for this API to be only via ingress qdisc
attributes. You can add a check in cls api to reject any parent that is
not either of the clsacts + ingress (depending on tc doesnt sound
right).

cheers,
jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ