Message-ID: <534E77D0.8000307@mojatatu.com>
Date:	Wed, 16 Apr 2014 08:30:08 -0400
From:	Jamal Hadi Salim <jhs@...atatu.com>
To:	Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org
CC:	"David S. Miller" <davem@...emloft.net>,
	Cong Wang <cwang@...pensource.com>
Subject: Re: [Patch net] sched, cls: check if we could overwrite actions when
 changing a filter

On 04/15/14 19:46, Cong Wang wrote:
> From: Cong Wang <cwang@...pensource.com>
>
> When actions are attached to a filter, they are a part of the filter
> itself, so when changing a filter we should allow to overwrite the actions
> inside as well.
>
> In my specific case, when I tried to _append_ a new action to an existing
> filter which already has an action, I got EEXIST since kernel refused
> to overwrite the existing one in kernel.
>
> This patch checks if we are changing the filter checking NLM_F_CREATE flag
> (Sigh, filters don't use NLM_F_REPLACE...) and then passes the boolean down
> to actions. This fixes the problem above.


What are you trying to achieve?
These are general netlink rules (which can be streamlined by
the object).
Append means "I don't care if this exists, add it to the end"
In that case, you would specify an existing filter rule but
in order to resolve ambiguity tc classifiers provide priorities
(i.e. just specify a different priority) and the rule will be added
before or after the conflicting rule.
If you don't do that then you will get back EEXIST to tell you
there is a conflict.
You can't replace an existing filter in particular when it has
a graph of actions attached to it. You can replace the parameterization
of an existing bound action - but I am not sure that is what you
are trying to do here. For that address the specific action directly.
i.e. tc action ....
If otoh you wanted to replace the filter + action graph with a backup
rule, then just add it lower in the priority list and delete the
existing one etc.

cheers,
jamal

