lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 2 May 2020 05:19:18 -0400
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org
Cc:     Jiri Pirko <jiri@...nulli.us>
Subject: Re: [Patch net v2] net_sched: fix tcm_parent in tc filter dump

On 2020-05-02 4:48 a.m., Jamal Hadi Salim wrote:
> On 2020-04-30 11:53 p.m., Cong Wang wrote:

[..]
>> Steps to reproduce this:
>>   ip li set dev dummy0 up
>>   tc qd add dev dummy0 ingress
>>   tc filter add dev dummy0 parent ffff: protocol arp basic action pass
>>   tc filter show dev dummy0 root
>>
>> Before this patch:
>>   filter protocol arp pref 49152 basic
>>   filter protocol arp pref 49152 basic handle 0x1
>>     action order 1: gact action pass
>>      random type none pass val 0
>>      index 1 ref 1 bind 1
>>
>> After this patch:
>>   filter parent ffff: protocol arp pref 49152 basic
>>   filter parent ffff: protocol arp pref 49152 basic handle 0x1
>>       action order 1: gact action pass
>>        random type none pass val 0
>>      index 1 ref 1 bind 1
> 
> Note:
> tc filter show dev dummy0 root
> should not show that filter. OTOH,
> tc filter show dev dummy0 parent ffff:
> should.
> 
> root and ffff: are distinct/unique installation hooks.
> 

Suprised no one raised this earlier - since it is so
fundamental (we should add a tdc test for it). I went back
to the oldest kernel i have from early 2018 and it was broken..

Cong, your patch is good for the case where we
want to show _all_ filters regardless of where they
were installed but only if no parent is specified. i.e if i did this:
tc filter show dev dummy0
then i am asking to see all the filters for that device.
I am actually not sure if "tc filter show dev dummy0"
ever worked that way - but it makes sense since
no dump-filtering is specified.


To illustrate, I did this:
tc filter add dev dummy0 root protocol arp prio 49151 basic action pass

And now the output looks like:
-------
#  tc filter show dev dummy0 ingressfilter protocol arp pref 49151 basic 
chain 0
filter protocol arp pref 49151 basic chain 0 handle 0x2
	action order 1: gact action pass
	 random type none pass val 0
	 index 2 ref 1 bind 1

filter protocol arp pref 49151 basic chain 0 handle 0x1
	action order 1: gact action pass
	 random type none pass val 0
	 index 1 ref 1 bind 1

#  tc filter show dev dummy0 root
filter protocol arp pref 49151 basic chain 0
filter protocol arp pref 49151 basic chain 0 handle 0x2
	action order 1: gact action pass
	 random type none pass val 0
	 index 2 ref 1 bind 1

filter protocol arp pref 49151 basic chain 0 handle 0x1
	action order 1: gact action pass
	 random type none pass val 0
	 index 1 ref 1 bind 1
------



If, OTOH, i specified the parent
then only that parents filters should be displayed..

cheers,
jamal

Powered by blists - more mailing lists