lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1a00088f-7d25-082c-422c-b3c16bc15f67@gmail.com>
Date:   Mon, 20 Jul 2020 10:37:48 -0600
From:   David Ahern <dsahern@...il.com>
To:     Petr Machata <petrm@...lanox.com>, netdev@...r.kernel.org
Cc:     Stephen Hemminger <stephen@...workplumber.org>,
        Jiri Pirko <jiri@...lanox.com>
Subject: Re: [PATCH iproute2-next v3 0/2] Support showing a block bound by
 qevent

On 7/16/20 10:47 AM, Petr Machata wrote:
> When a list of filters at a given block is requested, tc first validates
> that the block exists before doing the filter query. Currently the
> validation routine checks ingress and egress blocks. But now that blocks
> can be bound to qevents as well, qevent blocks should be looked for as
> well:
> 
>     # ip link add up type dummy
>     # tc qdisc add dev dummy1 root handle 1: \
>          red min 30000 max 60000 avpkt 1000 qevent early_drop block 100
>     # tc filter add block 100 pref 1234 handle 102 matchall action drop
>     # tc filter show block 100
>     Cannot find block "100"
> 
> This patchset fixes this issue:
> 
>     # tc filter show block 100
>     filter protocol all pref 1234 matchall chain 0 
>     filter protocol all pref 1234 matchall chain 0 handle 0x66 
>       not_in_hw
>             action order 1: gact action drop
>              random type none pass val 0
>              index 2 ref 1 bind 1
> 
> In patch #1, the helpers and necessary infrastructure is introduced,
> including a new qdisc_util callback that implements sniffing out bound
> blocks in a given qdisc.
> 
> In patch #2, RED implements the new callback.
> 
> v3:
> - Patch #1:
>     - Do not pass &ctx->found directly to has_block. Do it through a
>       helper variable, so that the callee does not overwrite the result
>       already stored in ctx->found.
> 
> v2:
> - Patch #1:
>     - In tc_qdisc_block_exists_cb(), do not initialize 'q'.
>     - Propagate upwards errors from q->has_block.
> 
> Petr Machata (2):
>   tc: Look for blocks in qevents
>   tc: q_red: Implement has_block for RED
> 
>  tc/q_red.c     | 17 +++++++++++++++++
>  tc/tc_qdisc.c  | 18 ++++++++++++++++++
>  tc/tc_qevent.c | 15 +++++++++++++++
>  tc/tc_qevent.h |  2 ++
>  tc/tc_util.h   |  2 ++
>  5 files changed, 54 insertions(+)
> 


applied to iproute2-next. Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ