lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <57541A01.909@mojatatu.com>
Date:	Sun, 5 Jun 2016 08:24:33 -0400
From:	Jamal Hadi Salim <jhs@...atatu.com>
To:	Daniel Borkmann <daniel@...earbox.net>, davem@...emloft.net
Cc:	alexei.starovoitov@...il.com, john.fastabend@...il.com,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net, cls: allow for deleting all filters for
 given parent

On 16-06-04 12:24 PM, Daniel Borkmann wrote:
> Add a possibility where the user can just specify the parent and
> all filters under that parent are then being purged. Currently,
> for example for scripting, one needs to specify pref/prio to have
> a well-defined number for 'tc filter del' command for addressing
> the previously created instance or additionally filter handle in
> case of priorities being the same. Improve usage by allowing the
> option for tc to specify the parent and removing the whole chain
> for that given parent.
>
> Example usage after patch, no tc changes required:
>
>    # tc qdisc replace dev foo clsact
>    # tc filter add dev foo egress bpf da obj ./bpf.o
>    # tc filter add dev foo egress bpf da obj ./bpf.o
>    # tc filter show dev foo egress
>    filter protocol all pref 49151 bpf
>    filter protocol all pref 49151 bpf handle 0x1 bpf.o:[classifier] direct-action
>    filter protocol all pref 49152 bpf
>    filter protocol all pref 49152 bpf handle 0x1 bpf.o:[classifier] direct-action
>    # tc filter del dev foo egress
>    # tc filter show dev foo egress
>    #
>
> Previously, RTM_DELTFILTER requests with invalid prio of 0 were
> rejected, so only netlink requests with RTM_NEWTFILTER and NLM_F_CREATE
> flag were allowed where the kernel would auto-generate a pref/prio.
> We can piggyback on that and use prio of 0 as a wildcard for
> requests of RTM_DELTFILTER.
>
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>


Looks good to me.
Acked-by: Jamal Hadi Salim <jhs@...atatu.com>

cheers,
jamal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ