lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAM_iQpXg3b-Om7BxsL-WSQGWBN=fqmz4uenW5G9+AyX9BH_zww@mail.gmail.com>
Date:   Fri, 11 Jan 2019 13:55:19 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Martin Olsson <martin.olsson+netdev@...torsecurity.com>
Cc:     netdev <netdev@...r.kernel.org>
Subject: Re: tc continue vs reclassify problem + no rule hit stats

On Thu, Jan 10, 2019 at 11:45 AM Martin Olsson
<martin.olsson+netdev@...torsecurity.com> wrote:
>
> Why are the two filters 200 and 201 skipped when using 'continue' but
> working fine with 'reclassify'?
[...]
> In the debug-rule 999 (and on the mirror destination interface) I see
> all 400 000 untagged packets.
> I expected 400000-15568-10468=373 964 as in the previous example.
>
>
> Why do I need to do a full reclassification?

It is probably a bug in kernel. It looks likely that we mess up with
the protocol again. Can you test the attached kernel patch?

The patch is against latest net/master branch, you may need
to adjust it for applying to 4.9.


>
> Another question:
>
> In the 'reclassify' scenario, I want to be able to see that rule 100
> has actually been hit 800 000 times (with only 400 000 successes), and
> rule 999 was hit 373 964 with 373 964 successes.
> But I'm missing the string "(rule hit 800000 success 400000)" in this output:
>
> # tc -s -d filter show dev enp1s0f0 root
> filter parent ffff: protocol 802.1Q pref 100 matchall
> filter parent ffff: protocol 802.1Q pref 100 matchall handle 0x1
> ####no hit stats here####
>         action order 1:  vlan pop reclassify
>          index 1 ref 1 bind 1 installed 245805 sec used 862 sec
>         Action statistics:
>         Sent 218959672 bytes 400000 pkt (dropped 0, overlimits 0 requeues 0)
>         backlog 0b 0p requeues 0
>
> Why don't the sections for rules 100 and 999 show any rule hit statistics?

These stats are specific to u32, matchall doesn't have them.
It should not be hard to add them there though.

Thanks.

Download attachment "cls_api.diff" of type "application/octet-stream" (938 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ