lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  6 Jun 2019 17:32:09 -0400
From:   Roman Mashak <mrv@...atatu.com>
To:     netdev@...r.kernel.org
Cc:     kernel@...atatu.com, jhs@...atatu.com, xiyou.wangcong@...il.com,
        jiri@...nulli.us, Roman Mashak <mrv@...atatu.com>
Subject: [PATCH iproute2 1/1] tc: Fix binding of gact action by index.

The following operation fails:
% sudo tc actions add action pipe index 1
% sudo tc filter add dev lo parent ffff: \
       protocol ip pref 10 u32 match ip src 127.0.0.2 \
       flowid 1:10 action gact index 1

Bad action type index
Usage: ... gact <ACTION> [RAND] [INDEX]
Where:  ACTION := reclassify | drop | continue | pass | pipe |
                  goto chain <CHAIN_INDEX> | jump <JUMP_COUNT>
        RAND := random <RANDTYPE> <ACTION> <VAL>
        RANDTYPE := netrand | determ
        VAL : = value not exceeding 10000
        JUMP_COUNT := Absolute jump from start of action list
        INDEX := index value used

However, passing a control action of gact rule during filter binding works:

% sudo tc filter add dev lo parent ffff: \
       protocol ip pref 10 u32 match ip src 127.0.0.2 \
       flowid 1:10 action gact pipe index 1

Binding by reference, i.e. by index, has to consistently work with
any tc action.

Since tc is sensitive to the order of keywords passed on the command line,
we can teach gact to skip parsing arguments as soon as it sees 'gact'
followed by 'index' keyword. 

Signed-off-by: Roman Mashak <mrv@...atatu.com>
---
 tc/m_gact.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tc/m_gact.c b/tc/m_gact.c
index a0a3c33d23da..5b781e16446d 100644
--- a/tc/m_gact.c
+++ b/tc/m_gact.c
@@ -89,6 +89,9 @@ parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
 
 	if (!matches(*argv, "gact"))
 		NEXT_ARG_FWD();
+	/* we're binding existing gact action to filter by index. */
+	if (!matches(*argv, "index"))
+		goto skip_args;
 	if (parse_action_control(&argc, &argv, &p.action, false))
 		usage();	/* does not return */
 
@@ -133,6 +136,7 @@ parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
 
 	if (argc > 0) {
 		if (matches(*argv, "index") == 0) {
+skip_args:
 			NEXT_ARG();
 			if (get_u32(&p.index, *argv, 10)) {
 				fprintf(stderr, "Illegal \"index\"\n");
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ