lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 23 Jul 2014 10:15:50 -0700
From:	Cong Wang <cwang@...pensource.com>
To:	Antonio Quartulli <antonio@...hcoding.com>
Cc:	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	sergei.shtylyov@...entembedded.com,
	Eric Dumazet <eric.dumazet@...il.com>,
	Antonio Quartulli <antonio@...n-mesh.com>,
	Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [PATCHv2] skbedit: allow the user to specify bitmask for mark

On Wed, Jul 23, 2014 at 1:03 AM, Antonio Quartulli
<antonio@...hcoding.com> wrote:
> From: Antonio Quartulli <antonio@...n-mesh.com>
>
> The user may want to use only some bits of the skb mark in
> his skbedit rules because the remaining part might be used by
> something else.
>
> Introduce the "mask" parameter to the skbedit actor in order
> to implement such functionality.
>
> When the mask is specified, only those bits selected by the
> latter are altered really changed by the actor, while the
> rest is left untouched.
>
> Cc: Jamal Hadi Salim <jhs@...atatu.com>
> Signed-off-by: Antonio Quartulli <antonio@...n-mesh.com>
> ---
>
> Jamal, I'm not adding your Signed-off because the patches has new part with
> respect to v1.
>
>
> Changes from v1:
> - use '&=' tcf_skbedit() to clean the mark
> - extend tcf_skbedit_dump() in order to send the mask as well
>
>
>
>
>
>  include/net/tc_act/tc_skbedit.h        |  1 +
>  include/uapi/linux/tc_act/tc_skbedit.h |  2 ++
>  net/sched/act_skbedit.c                | 24 +++++++++++++++++++++---
>  3 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/tc_act/tc_skbedit.h b/include/net/tc_act/tc_skbedit.h
> index 0df9a0d..a385c68 100644
> --- a/include/net/tc_act/tc_skbedit.h
> +++ b/include/net/tc_act/tc_skbedit.h
> @@ -26,6 +26,7 @@ struct tcf_skbedit {
>         u32                     flags;
>         u32                     priority;
>         u32                     mark;
> +       u32                     mask;
>         u16                     queue_mapping;
>         /* XXX: 16-bit pad here? */
>  };
> diff --git a/include/uapi/linux/tc_act/tc_skbedit.h b/include/uapi/linux/tc_act/tc_skbedit.h
> index 7a2e910..c7c8c5f 100644
> --- a/include/uapi/linux/tc_act/tc_skbedit.h
> +++ b/include/uapi/linux/tc_act/tc_skbedit.h
> @@ -27,6 +27,7 @@
>  #define SKBEDIT_F_PRIORITY             0x1
>  #define SKBEDIT_F_QUEUE_MAPPING                0x2
>  #define SKBEDIT_F_MARK                 0x4
> +#define SKBEDIT_F_MASK                 0x8
>
>  struct tc_skbedit {
>         tc_gen;
> @@ -39,6 +40,7 @@ enum {
>         TCA_SKBEDIT_PRIORITY,
>         TCA_SKBEDIT_QUEUE_MAPPING,
>         TCA_SKBEDIT_MARK,
> +       TCA_SKBEDIT_MASK,
>         __TCA_SKBEDIT_MAX
>  };
>  #define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1)
> diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c
> index fcfeeaf..6111b06 100644
> --- a/net/sched/act_skbedit.c
> +++ b/net/sched/act_skbedit.c
> @@ -43,8 +43,12 @@ static int tcf_skbedit(struct sk_buff *skb, const struct tc_action *a,
>         if (d->flags & SKBEDIT_F_QUEUE_MAPPING &&
>             skb->dev->real_num_tx_queues > d->queue_mapping)
>                 skb_set_queue_mapping(skb, d->queue_mapping);
> -       if (d->flags & SKBEDIT_F_MARK)
> -               skb->mark = d->mark;
> +       if (d->flags & SKBEDIT_F_MARK) {
> +               /* unset all the bits in the mask */
> +               skb->mark &= ~d->mask;
> +               /* assign the mark value for the masked bit only */
> +               skb->mark |= d->mark & d->mask;
> +       }
>
>         spin_unlock(&d->tcf_lock);
>         return d->tcf_action;
> @@ -55,6 +59,7 @@ static const struct nla_policy skbedit_policy[TCA_SKBEDIT_MAX + 1] = {
>         [TCA_SKBEDIT_PRIORITY]          = { .len = sizeof(u32) },
>         [TCA_SKBEDIT_QUEUE_MAPPING]     = { .len = sizeof(u16) },
>         [TCA_SKBEDIT_MARK]              = { .len = sizeof(u32) },
> +       [TCA_SKBEDIT_MASK]              = { .len = sizeof(u32) },
>  };
>
>  static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
> @@ -64,7 +69,7 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
>         struct nlattr *tb[TCA_SKBEDIT_MAX + 1];
>         struct tc_skbedit *parm;
>         struct tcf_skbedit *d;
> -       u32 flags = 0, *priority = NULL, *mark = NULL;
> +       u32 flags = 0, *priority = NULL, *mark = NULL, *mask = NULL;
>         u16 *queue_mapping = NULL;
>         int ret = 0, err;
>
> @@ -93,6 +98,11 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
>                 mark = nla_data(tb[TCA_SKBEDIT_MARK]);
>         }
>
> +       if (tb[TCA_SKBEDIT_MASK] != NULL) {
> +               flags |= SKBEDIT_F_MASK;
> +               mask = nla_data(tb[TCA_SKBEDIT_MASK]);
> +       }
> +
>         if (!flags)
>                 return -EINVAL;
>
> @@ -123,6 +133,10 @@ static int tcf_skbedit_init(struct net *net, struct nlattr *nla,
>                 d->queue_mapping = *queue_mapping;
>         if (flags & SKBEDIT_F_MARK)
>                 d->mark = *mark;
> +       /* default behaviour is to use all the bits */
> +       d->mask = 0xffffffff;
> +       if (flags & SKBEDIT_F_MASK)
> +               d->mask = *mask;
>
>         d->tcf_action = parm->action;
>
> @@ -160,6 +174,10 @@ static int tcf_skbedit_dump(struct sk_buff *skb, struct tc_action *a,
>             nla_put(skb, TCA_SKBEDIT_MARK, sizeof(d->mark),
>                     &d->mark))
>                 goto nla_put_failure;
> +       if ((d->flags & SKBEDIT_F_MASK) &&
> +           nla_put(skb, TCA_SKBEDIT_MASK, sizeof(d->mask),
> +                   &d->mark))
> +               goto nla_put_failure;
>         t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install);
>         t.lastuse = jiffies_to_clock_t(jiffies - d->tcf_tm.lastuse);
>         t.expires = jiffies_to_clock_t(d->tcf_tm.expires);
> --
> 1.8.5.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists