lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 May 2018 05:54:34 +0000
From:   "Fu, Qiaobin" <qiaobinf@...edu>
To:     "davem@...emloft.net" <davem@...emloft.net>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "jhs@...atatu.com" <jhs@...atatu.com>,
        Michel Machado <michel@...irati.com.br>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>
Subject: [PATCH iproute2] net:sched: add action inheritdsfield to skbedit

The new action inheritdsfield copies the field DS of
IPv4 and IPv6 packets into skb->priority. This enables
later classification of packets based on the DS field.

Original idea by Jamal Hadi Salim <jhs@...atatu.com>

Signed-off-by: Qiaobin Fu <qiaobinf@...edu>
Reviewed-by: Michel Machado <michel@...irati.com.br>
---

Note that the motivation for this patch is found in the following discussion:
https://www.spinics.net/lists/netdev/msg501061.html
---

diff --git a/include/uapi/linux/tc_act/tc_skbedit.h b/include/uapi/linux/tc_act/tc_skbedit.h
index fbcfe27..432ad2f 100644
--- a/include/uapi/linux/tc_act/tc_skbedit.h
+++ b/include/uapi/linux/tc_act/tc_skbedit.h
@@ -30,9 +30,11 @@
 #define SKBEDIT_F_MARK			0x4
 #define SKBEDIT_F_PTYPE			0x8
 #define SKBEDIT_F_MASK			0x10
+#define SKBEDIT_F_INHERITDSFIELD	0x20
 
 struct tc_skbedit {
 	tc_gen;
+	__u64 flags;
 };
 
 enum {
diff --git a/tc/m_skbedit.c b/tc/m_skbedit.c
index db5c64c..7553a40 100644
--- a/tc/m_skbedit.c
+++ b/tc/m_skbedit.c
@@ -30,16 +30,18 @@
 
 static void explain(void)
 {
-	fprintf(stderr, "Usage: ... skbedit <[QM] [PM] [MM] [PT]>\n"
+	fprintf(stderr, "Usage: ... skbedit <[QM] [PM] [MM] [PT] [IF]>\n"
 		"QM = queue_mapping QUEUE_MAPPING\n"
 		"PM = priority PRIORITY\n"
 		"MM = mark MARK\n"
 		"PT = ptype PACKETYPE\n"
+		"IF = inheritdsfield\n"
 		"PACKETYPE = is one of:\n"
 		"  host, otherhost, broadcast, multicast\n"
 		"QUEUE_MAPPING = device transmit queue to use\n"
 		"PRIORITY = classID to assign to priority field\n"
-		"MARK = firewall mark to set\n");
+		"MARK = firewall mark to set\n"
+		"note: inheritdsfield maps DS field to skb->priority\n");
 }
 
 static void
@@ -59,7 +61,7 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 	struct rtattr *tail;
 	unsigned int tmp;
 	__u16 queue_mapping, ptype;
-	__u32 flags = 0, priority, mark;
+	__u32 priority, mark;
 	struct tc_skbedit sel = { 0 };
 
 	if (matches(*argv, "skbedit") != 0)
@@ -69,7 +71,7 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 
 	while (argc > 0) {
 		if (matches(*argv, "queue_mapping") == 0) {
-			flags |= SKBEDIT_F_QUEUE_MAPPING;
+			sel.flags |= SKBEDIT_F_QUEUE_MAPPING;
 			NEXT_ARG();
 			if (get_unsigned(&tmp, *argv, 10) || tmp > 65535) {
 				fprintf(stderr, "Illegal queue_mapping\n");
@@ -78,7 +80,7 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 			queue_mapping = tmp;
 			ok++;
 		} else if (matches(*argv, "priority") == 0) {
-			flags |= SKBEDIT_F_PRIORITY;
+			sel.flags |= SKBEDIT_F_PRIORITY;
 			NEXT_ARG();
 			if (get_tc_classid(&priority, *argv)) {
 				fprintf(stderr, "Illegal priority\n");
@@ -86,7 +88,7 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 			}
 			ok++;
 		} else if (matches(*argv, "mark") == 0) {
-			flags |= SKBEDIT_F_MARK;
+			sel.flags |= SKBEDIT_F_MARK;
 			NEXT_ARG();
 			if (get_u32(&mark, *argv, 0)) {
 				fprintf(stderr, "Illegal mark\n");
@@ -109,7 +111,10 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 					*argv);
 				return -1;
 			}
-			flags |= SKBEDIT_F_PTYPE;
+			sel.flags |= SKBEDIT_F_PTYPE;
+			ok++;
+		} else if (matches(*argv, "inheritdsfield") == 0) {
+			sel.flags |= SKBEDIT_F_INHERITDSFIELD;
 			ok++;
 		} else if (matches(*argv, "help") == 0) {
 			usage();
@@ -144,16 +149,16 @@ parse_skbedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
 
 	tail = addattr_nest(n, MAX_MSG, tca_id);
 	addattr_l(n, MAX_MSG, TCA_SKBEDIT_PARMS, &sel, sizeof(sel));
-	if (flags & SKBEDIT_F_QUEUE_MAPPING)
+	if (sel.flags & SKBEDIT_F_QUEUE_MAPPING)
 		addattr_l(n, MAX_MSG, TCA_SKBEDIT_QUEUE_MAPPING,
 			  &queue_mapping, sizeof(queue_mapping));
-	if (flags & SKBEDIT_F_PRIORITY)
+	if (sel.flags & SKBEDIT_F_PRIORITY)
 		addattr_l(n, MAX_MSG, TCA_SKBEDIT_PRIORITY,
 			  &priority, sizeof(priority));
-	if (flags & SKBEDIT_F_MARK)
+	if (sel.flags & SKBEDIT_F_MARK)
 		addattr_l(n, MAX_MSG, TCA_SKBEDIT_MARK,
 			  &mark, sizeof(mark));
-	if (flags & SKBEDIT_F_PTYPE)
+	if (sel.flags & SKBEDIT_F_PTYPE)
 		addattr_l(n, MAX_MSG, TCA_SKBEDIT_PTYPE,
 			  &ptype, sizeof(ptype));
 	addattr_nest_end(n, tail);
@@ -211,6 +216,8 @@ static int print_skbedit(struct action_util *au, FILE *f, struct rtattr *arg)
 		else
 			fprintf(f, " ptype %d", *ptype);
 	}
+	if (p->flags & SKBEDIT_F_INHERITDSFIELD)
+		fprintf(f, "inherit DS field ");
 
 	print_action_control(f, " ", p->action, "");

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ