lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 16 Feb 2020 14:22:02 -0800
From:   Pravin Shelar <pshelar@....org>
To:     Matteo Croce <mcroce@...hat.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        ovs dev <dev@...nvswitch.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Bindiya Kurle <bindiyakurle@...il.com>,
        Simon Horman <simon.horman@...ronome.com>,
        Ben Pfaff <blp@....org>,
        Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
        Nicolas Dichtel <nicolas.dichtel@...nd.com>,
        Jeremy Harris <jgh@...hat.com>
Subject: Re: [PATCH net-next v5] openvswitch: add TTL decrement action

On Sat, Feb 15, 2020 at 5:21 AM Matteo Croce <mcroce@...hat.com> wrote:
>
> New action to decrement TTL instead of setting it to a fixed value.
> This action will decrement the TTL and, in case of expired TTL, drop it
> or execute an action passed via a nested attribute.
> The default TTL expired action is to drop the packet.
>
> Supports both IPv4 and IPv6 via the ttl and hop_limit fields, respectively.
>
> Tested with a corresponding change in the userspace:
>
>     # ovs-dpctl dump-flows
>     in_port(2),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl{ttl<=1 action:(drop)},1
>     in_port(1),eth(),eth_type(0x0800), packets:0, bytes:0, used:never, actions:dec_ttl{ttl<=1 action:(drop)},2
>     in_port(1),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:2
>     in_port(2),eth(),eth_type(0x0806), packets:0, bytes:0, used:never, actions:1
>
>     # ping -c1 192.168.0.2 -t 42
>     IP (tos 0x0, ttl 41, id 61647, offset 0, flags [DF], proto ICMP (1), length 84)
>         192.168.0.1 > 192.168.0.2: ICMP echo request, id 386, seq 1, length 64
>     # ping -c1 192.168.0.2 -t 120
>     IP (tos 0x0, ttl 119, id 62070, offset 0, flags [DF], proto ICMP (1), length 84)
>         192.168.0.1 > 192.168.0.2: ICMP echo request, id 388, seq 1, length 64
>     # ping -c1 192.168.0.2 -t 1
>     #
>
> Co-developed-by: Bindiya Kurle <bindiyakurle@...il.com>
> Signed-off-by: Bindiya Kurle <bindiyakurle@...il.com>
> Signed-off-by: Matteo Croce <mcroce@...hat.com>
> ---

Thanks!

Acked-by: Pravin B Shelar <pshelar@....org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ