| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Dec 2018 23:12:16 +0100
From: Bartek Kois <bartek.kois@...il.com>
To: Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc: netdev@...r.kernel.org
Subject: Re: Problem with queuing vlan tagged packets after migration from
3.16.0 to 4.9.0
Witam
Working setup (driver e1000e):
# ethtool -k eth1 | grep vlan
rx-vlan-offload: on
tx-vlan-offload: on
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
Broken setup (driver e1000e):
# ethtool -k eth1 | grep vlan
rx-vlan-offload: on
tx-vlan-offload: on
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
The same happens in case of ixgbe driver (tested on different
machine).I`ve been using this for several years and all of the sudden it
stops working properly. I`ve tried to use u32 classifier with value and
mask to match ip address on 16 or 20 byte (in case it contains
additional 4 bytes of vlan tag) to check if it will work with no luck.
Browsing the internet I found this notation: "protocol 802.1q", but it
doesn`t work on my system.
Pozdrawiam
Bartek Kois
W dniu 31.12.2018 o 22:47, Jakub Kicinski pisze:
> On Sat, 29 Dec 2018 13:52:23 +0100, Bartek Kois wrote:
>> Hi,
>> I`ve got problem while queuing with HFSC vlan tagged packets after
>> migrating my tc scripts from Debian 8.2 (3.16.0-4-amd64) to Debian 9.5
>> (4.9.0-6-amd64). tc filters added to eth1 do not classify correctly src
>> and dst ip addresses anymore if they are encapsulated with vlan tag
>> which wasn`t a problem previously. It works fine if I run them without
>> vlan tagging oraz if the root device is a vlan (eg. tc filter add dev
>> eth1.20). Could you please help me find out what has changed in kernel
>> between those two versions and what is walkaround for that problem?
> Could this be related to your device driver not stripping VLAN tags by
> default any more? Just a short in the dark.. Try:
>
> $ ethtool -k lo | grep vlan
>
> on working vs broken setup. What is your HW/device driver?
>
>> Example of my classification filters:
>>
>> tc filter add dev eth1 parent 1:0 prio 4 protocol ip u32
>> tc filter add dev eth1 parent 1:0 prio 4 handle ${NETWORK_GROUP_HEX}:
>> protocol ip u32 divisor 256
>> tc filter add dev eth1 protocol ip parent 1:0 prio 4 u32 ht 800:: match
>> ip dst ${NETWORK_ADDRESS}/24 hashkey mask 0x000000ff at 16 link
>> ${NETWORK_GROUP_HEX}:
>> tc filter add dev eth1 parent 1:0 protocol ip prio 4 u32 ht
>> ${NETWORK_GROUP_HEX}:0x${ADDR_Q4_HEX} match ip dst $ADDR classid
>> 1:${MARK_NORMAL}
>>
>>
>> Best regards
>> Bartek Kois
Powered by blists - more mailing lists