lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 23 Jan 2021 11:17:36 -0700
From:   David Ahern <dsahern@...il.com>
To:     wenxu@...oud.cn, marcelo.leitner@...il.com
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH iproute2-next v2] tc: flower: add tc conntrack inv
 ct_state support

On 1/19/21 7:52 PM, wenxu@...oud.cn wrote:
> From: wenxu <wenxu@...oud.cn>
> 
> Matches on conntrack inv ct_state.
> 
> Signed-off-by: wenxu <wenxu@...oud.cn>
> ---
> v2: change the description
> 
>  include/uapi/linux/pkt_cls.h | 1 +
>  man/man8/tc-flower.8         | 2 ++
>  tc/f_flower.c                | 1 +
>  3 files changed, 4 insertions(+)
> 
> diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
> index 449a639..e8f2aed 100644
> --- a/include/uapi/linux/pkt_cls.h
> +++ b/include/uapi/linux/pkt_cls.h
> @@ -563,6 +563,7 @@ enum {
>  	TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED = 1 << 1, /* Part of an existing connection. */
>  	TCA_FLOWER_KEY_CT_FLAGS_RELATED = 1 << 2, /* Related to an established connection. */
>  	TCA_FLOWER_KEY_CT_FLAGS_TRACKED = 1 << 3, /* Conntrack has occurred. */
> +	TCA_FLOWER_KEY_CT_FLAGS_INVALID = 1 << 4, /* Conntrack is invalid. */
>  };
>  
>  enum {
> diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
> index eb9eb5f..f90117b 100644
> --- a/man/man8/tc-flower.8
> +++ b/man/man8/tc-flower.8
> @@ -312,6 +312,8 @@ new - New connection.
>  .TP
>  est - Established connection.
>  .TP
> +inv - The state is invalid. The packet couldn't be associated to a connection.
> +.TP
>  Example: +trk+est
>  .RE
>  .TP
> diff --git a/tc/f_flower.c b/tc/f_flower.c
> index 9d59d71..7d2df9d 100644
> --- a/tc/f_flower.c
> +++ b/tc/f_flower.c
> @@ -340,6 +340,7 @@ static struct flower_ct_states {
>  	{ "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
>  	{ "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
>  	{ "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
> +	{ "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID},
>  };
>  
>  static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
> 

Fixed the space and applied to iproute2-next.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ