| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Apr 2014 08:30:08 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org CC: "David S. Miller" <davem@...emloft.net>, Cong Wang <cwang@...pensource.com> Subject: Re: [Patch net] sched, cls: check if we could overwrite actions when changing a filter On 04/15/14 19:46, Cong Wang wrote: > From: Cong Wang <cwang@...pensource.com> > > When actions are attached to a filter, they are a part of the filter > itself, so when changing a filter we should allow to overwrite the actions > inside as well. > > In my specific case, when I tried to _append_ a new action to an existing > filter which already has an action, I got EEXIST since kernel refused > to overwrite the existing one in kernel. > > This patch checks if we are changing the filter checking NLM_F_CREATE flag > (Sigh, filters don't use NLM_F_REPLACE...) and then passes the boolean down > to actions. This fixes the problem above. What are you trying to achieve? These are general netlink rules (which can be streamlined by the object). Append means "I dont care if this exists, add it to the end" In that case, you would specify the an existing filter rule but in order to resolve ambiguity tc classifiers provide priorities (i.e just specify a different priority) and the rule will be added before or after the conflicting rule. If you dont do that then you will get back EEXIST to tell you there is a conflict. You cant replace an existing filter in particular when it has a graph of actions attached to it. You can replace the paremetrization of an existing bound action - but i am not sure that is what you are trying to do here. For that address the specific action directly. i.e tc action .... If otoh you wanted to replace the filter + action graph with a backup rule, then just add it lower in the priority list and delete the existing one etc. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists