| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jan 2018 13:23:06 -0200
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Jiri Pirko <jiri@...nulli.us>
Cc: netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
xiyou.wangcong@...il.com, mlxsw@...lanox.com, andrew@...n.ch,
vivien.didelot@...oirfairelinux.com, f.fainelli@...il.com,
michael.chan@...adcom.com, ganeshgr@...lsio.com,
saeedm@...lanox.com, matanb@...lanox.com, leonro@...lanox.com,
idosch@...lanox.com, jakub.kicinski@...ronome.com,
simon.horman@...ronome.com, pieter.jansenvanvuuren@...ronome.com,
john.hurley@...ronome.com, alexander.h.duyck@...el.com,
ogerlitz@...lanox.com, john.fastabend@...il.com,
daniel@...earbox.net, dsahern@...il.com
Subject: Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share
filter block instances
On Sat, Jan 06, 2018 at 12:09:18AM +0100, Jiri Pirko wrote:
...
> Note we cannot use the qdisc for filter manipulations for shared blocks:
>
> $ tc filter add dev ens8 ingress protocol ip pref 1 flower dst_ip 192.168.100.2 action drop
> Error: Cannot work with shared block, please use block index.
>
>
> We will see the same output if we list filters for ingress qdisc of
> ens7 and ens8, also for the block 22:
>
> $ tc filter show block 22
> filter block 22 protocol ip pref 25 flower chain 0
> filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
> ...
>
> $ tc filter show dev ens7 ingress
> filter block 22 protocol ip pref 25 flower chain 0
> filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
> ...
>
> $ tc filter show dev ens8 ingress
> filter block 22 protocol ip pref 25 flower chain 0
> filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
> ...
If changing a rule on an interface and reflecting it on the other
is considered confusing, what about getting the stats including the
stats from the other interface? AFAICT that's what would happen in the
3 show commands above, they would show the same values.
Seems it can get confusing to the user: to check an interface, see
some hits on it, but they actually happened on the other interface.
Marcelo
Powered by blists - more mailing lists