lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 19 Aug 2015 13:47:37 -0700
From:	Pravin Shelar <pshelar@...ira.com>
To:	Joe Stringer <joestringer@...ira.com>
Cc:	netdev <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>, pablo <pablo@...filter.org>,
	Florian Westphal <fwestpha@...hat.com>,
	Hannes Sowa <hannes@...hat.com>, Thomas Graf <tgraf@...g.ch>,
	Justin Pettit <jpettit@...ira.com>,
	Jesse Gross <jesse@...ira.com>
Subject: Re: [PATCHv4 net-next 06/10] openvswitch: Allow matching on conntrack mark

On Tue, Aug 18, 2015 at 4:39 PM, Joe Stringer <joestringer@...ira.com> wrote:
> Allow matching and setting the conntrack mark field. As with conntrack
> state and zone, these are populated when the CT action is executed,
> and are made available for matching via RECIRC. To write to this field,
> a value and optional mark can be passed as part of the conntrack action.
>
> E.g.: actions:ct(zone=0),ct(zone=1,mark=1)
>
> This will perform conntrack lookup in zone 0, then lookup in zone 1,
> then modify the mark for the entry in zone 1. The conntrack entry itself
> must be committed using the "commit" flag in the conntrack action flags
> for this change to persist.
>
> Signed-off-by: Justin Pettit <jpettit@...ira.com>
> Signed-off-by: Joe Stringer <joestringer@...ira.com>
> ---
> v1-v3: No change.
> v4: Only allow setting conntrack mark via ct action.
>     Documentation tweaks.
> ---
>  include/uapi/linux/openvswitch.h |  5 ++++
>  net/openvswitch/actions.c        |  1 +
>  net/openvswitch/conntrack.c      | 61 ++++++++++++++++++++++++++++++++++++++--
>  net/openvswitch/conntrack.h      |  1 +
>  net/openvswitch/flow.h           |  1 +
>  net/openvswitch/flow_netlink.c   | 15 +++++++++-
>  6 files changed, 80 insertions(+), 4 deletions(-)
>
> diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
> index 55f5997..7a185b5 100644
> --- a/include/uapi/linux/openvswitch.h
> +++ b/include/uapi/linux/openvswitch.h
> @@ -325,6 +325,7 @@ enum ovs_key_attr {
>                                  * the accepted length of the array. */
>         OVS_KEY_ATTR_CT_STATE,  /* u8 bitmask of OVS_CS_F_* */
>         OVS_KEY_ATTR_CT_ZONE,   /* u16 connection tracking zone. */
> +       OVS_KEY_ATTR_CT_MARK,   /* u32 connection tracking mark */
>
>  #ifdef __KERNEL__
>         OVS_KEY_ATTR_TUNNEL_INFO,  /* struct ip_tunnel_info */
> @@ -613,11 +614,15 @@ struct ovs_action_hash {
>   * enum ovs_ct_attr - Attributes for %OVS_ACTION_ATTR_CT action.
>   * @OVS_CT_ATTR_FLAGS: u32 connection tracking flags.
>   * @OVS_CT_ATTR_ZONE: u16 connection tracking zone.
> + * @OVS_CT_ATTR_MARK: u32 value followed by u32 mask. For each bit set in the
> + * mask, the corresponding bit in the value is copied to the connection
> + * tracking mark field in the connection.
>   */
>  enum ovs_ct_attr {
>         OVS_CT_ATTR_UNSPEC,
>         OVS_CT_ATTR_FLAGS,      /* u8 bitmask of OVS_CT_F_*. */
>         OVS_CT_ATTR_ZONE,       /* u16 zone id. */
> +       OVS_CT_ATTR_MARK,       /* mark to associate with this connection. */
>         __OVS_CT_ATTR_MAX
>  };
>
ovs_ct_action_to_attr() is not updated to return complete datapath
action back to userpsace. same issue exist in set label patch.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists