Open Source and information security mailing list archives
 
Message-ID: <42e1cc6f-ad10-33b7-6722-1416e1b92422@cogentembedded.com>
Date:	Sun, 5 Jun 2016 15:53:52 +0300
From:	Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:	Daniel Borkmann <daniel@...earbox.net>, davem@...emloft.net
Cc:	alexei.starovoitov@...il.com, john.fastabend@...il.com,
	jhs@...atatu.com, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net, cls: allow for deleting all filters for
 given parent

Hello.

On 6/4/2016 7:24 PM, Daniel Borkmann wrote:

> Add a possibility where the user can just specify the parent and
> all filters under that parent are then being purged. Currently,
> for example for scripting, one needs to specify pref/prio to have
> a well-defined number for 'tc filter del' command for addressing
> the previously created instance or additionally filter handle in
> case of priorities being the same. Improve usage by allowing the
> option for tc to specify the parent and removing the whole chain
> for that given parent.
>
> Example usage after patch, no tc changes required:
>
>   # tc qdisc replace dev foo clsact
>   # tc filter add dev foo egress bpf da obj ./bpf.o
>   # tc filter add dev foo egress bpf da obj ./bpf.o
>   # tc filter show dev foo egress
>   filter protocol all pref 49151 bpf
>   filter protocol all pref 49151 bpf handle 0x1 bpf.o:[classifier] direct-action
>   filter protocol all pref 49152 bpf
>   filter protocol all pref 49152 bpf handle 0x1 bpf.o:[classifier] direct-action
>   # tc filter del dev foo egress
>   # tc filter show dev foo egress
>   #
>
> Previously, RTM_DELTFILTER requests with invalid prio of 0 were
> rejected, so only netlink requests with RTM_NEWTFILTER and NLM_F_CREATE
> flag were allowed where the kernel would auto-generate a pref/prio.
> We can piggyback on that and use prio of 0 as a wildcard for
> requests of RTM_DELTFILTER.
>
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> ---
>  net/sched/cls_api.c | 24 ++++++++++++++++++++----
>  1 file changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index a75864d..caa1dd4 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -156,11 +156,22 @@ replay:
>  	cl = 0;
>
>  	if (prio == 0) {
> -		/* If no priority is given, user wants we allocated it. */
> -		if (n->nlmsg_type != RTM_NEWTFILTER ||
> -		    !(n->nlmsg_flags & NLM_F_CREATE))
> +		switch (n->nlmsg_type) {
> +		case RTM_DELTFILTER:
> +			if (protocol || t->tcm_handle)
> +				return -ENOENT;
> +			break;
> +		case RTM_NEWTFILTER:
> +			/* If no priority is provided by the user,
> +			 * we allocate one.
> +			 */
> +			if (n->nlmsg_flags & NLM_F_CREATE) {
> +				prio = TC_H_MAKE(0x80000000U, 0U);
> +				break;
> +			}

    Need a comment here, something like /* FALL THRU */.

> +		default:
>  			return -ENOENT;
> -		prio = TC_H_MAKE(0x80000000U, 0U);
> +		}
>  	}
>
>  	/* Find head of filter chain. */
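
Review bot: the RTM_DELTFILTER case in the new switch has no comment, although it is the place where prio 0 stops being a rejected value and becomes the wildcard the commit message describes (delete everything under the given parent). A short comment above `if (protocol || t->tcm_handle)`, in the style of the one in the RTM_NEWTFILTER case, stating that prio 0 is accepted for delete only when neither protocol nor handle is set, would make the destructive path explicit to the next reader. Consider also whether -EINVAL fits that rejected combination better than -ENOENT, since the request is malformed rather than pointing at a filter that does not exist.
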
[...]

MBR, Sergei
