lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 30 Apr 2020 20:06:16 +0200
From:   Andrea Claudi <aclaudi@...hat.com>
To:     Davide Caratti <dcaratti@...hat.com>
Cc:     Stephen Hemminger <stephen@...workplumber.org>,
        linux-netdev <netdev@...r.kernel.org>,
        David Ahern <dsahern@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [PATCH iproute2-next v2] tc: full JSON support for 'bpf' filter

On Thu, Apr 30, 2020 at 8:03 PM Davide Caratti <dcaratti@...hat.com> wrote:
>
> example using eBPF:
>
>  # tc filter add dev dummy0 ingress bpf \
>  > direct-action obj ./bpf/filter.o sec tc-ingress
>  # tc  -j filter show dev dummy0 ingress | jq
>  [
>    {
>      "protocol": "all",
>      "pref": 49152,
>      "kind": "bpf",
>      "chain": 0
>    },
>    {
>      "protocol": "all",
>      "pref": 49152,
>      "kind": "bpf",
>      "chain": 0,
>      "options": {
>        "handle": "0x1",
>        "bpf_name": "filter.o:[tc-ingress]",
>        "direct-action": true,
>        "not_in_hw": true,
>        "prog": {
>          "id": 101,
>          "tag": "a04f5eef06a7f555",
>          "jited": 1
>        }
>      }
>    }
>  ]
>
> v2:
>  - use print_nl(), thanks to Andrea Claudi
>  - use print_0xhex() for filter handle, thanks to Stephen Hemminger
>
> Signed-off-by: Davide Caratti <dcaratti@...hat.com>
> ---
>  tc/f_bpf.c | 29 +++++++++++++++--------------
>  1 file changed, 15 insertions(+), 14 deletions(-)
>
> diff --git a/tc/f_bpf.c b/tc/f_bpf.c
> index 135271aa1697..fa3552aefffd 100644
> --- a/tc/f_bpf.c
> +++ b/tc/f_bpf.c
> @@ -203,22 +203,24 @@ static int bpf_print_opt(struct filter_util *qu, FILE *f,
>         parse_rtattr_nested(tb, TCA_BPF_MAX, opt);
>
>         if (handle)
> -               fprintf(f, "handle 0x%x ", handle);
> +               print_0xhex(PRINT_ANY, "handle", "handle %#llx ", handle);
>
>         if (tb[TCA_BPF_CLASSID]) {
>                 SPRINT_BUF(b1);
> -               fprintf(f, "flowid %s ",
> +               print_string(PRINT_ANY, "flowid", "flowid %s ",
>                         sprint_tc_classid(rta_getattr_u32(tb[TCA_BPF_CLASSID]), b1));
>         }
>
>         if (tb[TCA_BPF_NAME])
> -               fprintf(f, "%s ", rta_getattr_str(tb[TCA_BPF_NAME]));
> +               print_string(PRINT_ANY, "bpf_name", "%s ",
> +                            rta_getattr_str(tb[TCA_BPF_NAME]));
>
>         if (tb[TCA_BPF_FLAGS]) {
>                 unsigned int flags = rta_getattr_u32(tb[TCA_BPF_FLAGS]);
>
>                 if (flags & TCA_BPF_FLAG_ACT_DIRECT)
> -                       fprintf(f, "direct-action ");
> +                       print_bool(PRINT_ANY,
> +                                  "direct-action", "direct-action ", true);
>         }
>
>         if (tb[TCA_BPF_FLAGS_GEN]) {
> @@ -226,14 +228,14 @@ static int bpf_print_opt(struct filter_util *qu, FILE *f,
>                         rta_getattr_u32(tb[TCA_BPF_FLAGS_GEN]);
>
>                 if (flags & TCA_CLS_FLAGS_SKIP_HW)
> -                       fprintf(f, "skip_hw ");
> +                       print_bool(PRINT_ANY, "skip_hw", "skip_hw ", true);
>                 if (flags & TCA_CLS_FLAGS_SKIP_SW)
> -                       fprintf(f, "skip_sw ");
> -
> +                       print_bool(PRINT_ANY, "skip_sw", "skip_sw ", true);
>                 if (flags & TCA_CLS_FLAGS_IN_HW)
> -                       fprintf(f, "in_hw ");
> +                       print_bool(PRINT_ANY, "in_hw", "in_hw ", true);
>                 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
> -                       fprintf(f, "not_in_hw ");
> +                       print_bool(PRINT_ANY,
> +                                  "not_in_hw", "not_in_hw ", true);
>         }
>
>         if (tb[TCA_BPF_OPS] && tb[TCA_BPF_OPS_LEN])
> @@ -245,14 +247,13 @@ static int bpf_print_opt(struct filter_util *qu, FILE *f,
>         if (!dump_ok && tb[TCA_BPF_TAG]) {
>                 SPRINT_BUF(b);
>
> -               fprintf(f, "tag %s ",
> -                       hexstring_n2a(RTA_DATA(tb[TCA_BPF_TAG]),
> -                                     RTA_PAYLOAD(tb[TCA_BPF_TAG]),
> -                                     b, sizeof(b)));
> +               print_string(PRINT_ANY, "tag", "tag %s ",
> +                            hexstring_n2a(RTA_DATA(tb[TCA_BPF_TAG]),
> +                            RTA_PAYLOAD(tb[TCA_BPF_TAG]), b, sizeof(b)));
>         }
>
>         if (tb[TCA_BPF_POLICE]) {
> -               fprintf(f, "\n");
> +               print_nl();
>                 tc_print_police(f, tb[TCA_BPF_POLICE]);
>         }
>
> --
> 2.26.2
>

LGTM.
Acked-by: Andrea Claudi <aclaudi@...hat.com>

Powered by blists - more mailing lists