Message-Id: <201601121236.u0CCaAH4030858@d23av02.au.ibm.com>
Date:	Tue, 12 Jan 2016 20:35:57 +0800
From:	"Hong Hui Xiao" <xiaohhui@...ibm.com>
To:	Brian Haley <brian.haley@....com>
Cc:	netdev@...r.kernel.org
Subject: Re: [Question/Bug] Should the priority of ip rule be unique?

Thanks Brian. It really helps.




From:   Brian Haley <brian.haley@....com>
To:     Hong Hui Xiao/China/IBM@...CN, netdev@...r.kernel.org
Date:   01/12/2016 07:03
Subject:        Re: [Question/Bug] Should the priority of ip rule be unique?



On 01/08/2016 01:32 AM, Hong Hui Xiao wrote:
> Hi,
>
> From the man page of ip rule at [1], it says that "Each rule should have
> an explicitly set unique priority value." It is reasonable to have unique
> priority for ambiguous rules.
> But I have a set of unambiguous ip rules, do I still need to set the
> priority to be unique? In practice, I can set ip rules with duplicated
> priority, and things work as expected. I want to confirm with iproute
> developers if this is a supported use case. If so, the information in man
> page may need updates.
>
> 5000: from all fwmark 0x4000000/0xffff0000 lookup table0
> 5000: from all fwmark 0x4010000/0xffff0000 lookup table1
> 5000: from all fwmark 0x4020000/0xffff0000 lookup table2
> 5000: from all fwmark 0x4030000/0xffff0000 lookup table3
>
>
> [1] http://man7.org/linux/man-pages/man8/ip-rule.8.html (search for
> "unique")

No, you shouldn't need to set the priority in this case as each rule is
unique. From reading earlier in the man page, and looking at the code, the
rules are ordered and scanned in order of decreasing priority, with a lower
priority being higher.  In the case of rules with the same priority they are
ordered based on the order in which they were added to the kernel.

So I guess the man page could be tweaked a little, given "should" seems to
follow the liberal IANA meaning of recommended, but not required.

-Brian
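
An added example, not part of the original thread and not iproute2 or kernel code: a small Python model of the ordering described above (lower priority number first, ties kept in insertion order) that checks whether same-priority fwmark rules can match the same packet. The match test `(mark ^ value) & mask == 0`, the helper names and the `BROAD` rule are assumptions of this sketch.

```python
from itertools import combinations

# Rules quoted in the question: (priority, fwmark value, mask, table).
RULES = [
    (5000, 0x4000000, 0xffff0000, "table0"),
    (5000, 0x4010000, 0xffff0000, "table1"),
    (5000, 0x4020000, 0xffff0000, "table2"),
    (5000, 0x4030000, 0xffff0000, "table3"),
]
# Constructed rule (not from the thread) whose wider match overlaps all four.
BROAD = (5000, 0x4000000, 0xff000000, "broad")

def build(rule_seq):
    """Add rules one by one: each goes before the first rule with a strictly
    larger priority number, so equal priorities keep their insertion order."""
    rules = []
    for rule in rule_seq:
        pos = next((i for i, r in enumerate(rules) if r[0] > rule[0]), len(rules))
        rules.insert(pos, rule)
    return rules

def matches(rule, mark):
    _, value, mask, _ = rule
    return (mark ^ value) & mask == 0

def lookup(rules, mark):
    """Return the table of the first matching rule, or None."""
    return next((r[3] for r in rules if matches(r, mark)), None)

def ambiguous_pairs(rules):
    """Same-priority pairs that some mark can match at once: their values
    agree on every bit that both masks test."""
    return [(a[3], b[3]) for a, b in combinations(rules, 2)
            if a[0] == b[0] and (a[1] ^ b[1]) & a[2] & b[2] == 0]

if __name__ == "__main__":
    print("ambiguous pairs in quoted rules:", ambiguous_pairs(RULES))
    print("with BROAD added:", ambiguous_pairs(RULES + [BROAD]))
    mark = 0x4010001  # constructed packet mark
    print(hex(mark), "->", lookup(build(RULES + [BROAD]), mark),
          "vs", lookup(build([BROAD] + RULES), mark))
```

With the quoted rules no pair overlaps, so the order in which they were added cannot change the selected table; once an overlapping rule shares the priority, the result depends on insertion order.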



