lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 13 Jan 2019 12:58:05 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Jamal Hadi Salim <jhs@...atatu.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Martin Olsson <martin.olsson+netdev@...torsecurity.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Lucas Bates <lucasb@...atatu.com>
Subject: Re: [Patch net] net_sched: refetch skb protocol for each filter

On Sat, Jan 12, 2019 at 4:23 AM Jamal Hadi Salim <jhs@...atatu.com> wrote:
> Cong,
> I am a little worried about the impact of this change. Smells
> more like it has to do with Vlan action or related issues
> than with reclassifying.

You can verify this patch with Martin's test case. I verified it
with the script below, it works as expected.

Not sure if it is feasible to add it to tc-tests as it needs a vlan
device on top of veth.


ip netns add test1
ip netns add test2
ip link add dev veth1 type veth peer name veth2
ip link set dev veth1 netns test1 up
ip link set dev veth2 netns test2 up
ip netns exec test1 ifconfig veth1 192.168.1.1 netmask 255.255.255.0
ip netns exec test2 ifconfig veth2 192.168.1.2 netmask 255.255.255.0
ip netns exec test1 ip link add link veth1 name veth1.100 type vlan id 100
ip netns exec test2 ip link add link veth2 name veth2.100 type vlan id 100
ip netns exec test1 ip link set link dev veth1.100 up
ip netns exec test2 ip link set link dev veth2.100 up
ip netns exec test1 ifconfig veth1.100 192.168.100.1 netmask 255.255.255.0
ip netns exec test2 ifconfig veth2.100 192.168.100.2 netmask 255.255.255.0
ip netns exec test2 ip link set dev veth2 address 00:c0:7b:7d:00:c8
ip netns exec test1 ip neighbor add 192.168.100.2 lladdr
00:c0:7b:7d:00:c8 dev veth1.100 nud permanent

ip netns exec test1 tc qdisc add dev veth1 clsact
ip netns exec test1 tc filter add dev veth1 egress prio 100  protocol
802.1Q  matchall action vlan pop continue #reclassify
ip netns exec test1 tc filter add dev veth1 egress prio 200  protocol
ip      u32 match ip src 192.168.1.0/24  action drop
ip netns exec test1 tc filter add dev veth1 egress prio 201  protocol
ip      u32 match ip dst 192.168.100.0/24  action drop



Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ