| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180309100722.21627-1-simon.horman@netronome.com>
Date: Fri, 9 Mar 2018 11:07:22 +0100
From: Simon Horman <simon.horman@...ronome.com>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: Jiri Pirko <jiri@...nulli.us>, Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org,
oss-drivers@...ronome.com,
Pieter Jansen van Vuuren
<pieter.jansenvanvuuren@...ronome.com>,
Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH iproute2/net-next] tc: f_flower: Add support for matching first frag packets
From: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@...ronome.com>
Add matching support for distinguishing between first and later fragmented
packets.
# tc filter add dev eth0 protocol ip parent ffff: \
flower indev eth0 \
ip_flags firstfrag \
ip_proto udp \
action mirred egress redirect dev eth1
# tc filter add dev eth0 protocol ip parent ffff: \
flower indev eth0 \
ip_flags nofirstfrag \
ip_proto udp \
action mirred egress redirect dev eth1
Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@...ronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
Signed-off-by: Simon Horman <simon.horman@...ronome.com>
---
man/man8/tc-flower.8 | 8 ++++++--
tc/f_flower.c | 1 +
2 files changed, 7 insertions(+), 2 deletions(-)
This patch depends on updating pkt_cls.h to add
TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST along side
TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT.
That change is present in the kernel net-next tree as of
459d153d9916 ("net/sched: cls_flower: Add support to handle first frag as match field")
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index 768eda3d52bd..a561443b9978 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -258,8 +258,12 @@ is a 16 bit UDP dst port.
.BI ip_flags " IP_FLAGS"
.I IP_FLAGS
may be either
-.BR frag " or " nofrag
-to match on fragmented packets or not respectively.
+.BR frag ", " nofrag ", " firstfrag " or " nofirstfrag
+where frag and nofrag could be used to match on fragmented packets or not,
+respectively. firstfrag and nofirstfrag can be used to further distinguish
+fragmented packet. firstfrag can be used to indicate the first fragmented
+packet. nofirstfrag can be used to indicates subsequent fragmented packets
+or non-fragmented packets.
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
on the matches of the next lower layer. Precisely, layer one and two matches
diff --git a/tc/f_flower.c b/tc/f_flower.c
index 5a4ec832bc19..9d4bfd2f808b 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -155,6 +155,7 @@ struct flag_to_string {
static struct flag_to_string flags_str[] = {
{ TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
+ { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
};
static int flower_parse_matching_flags(char *str,
--
2.11.0
Powered by blists - more mailing lists