lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 30 Aug 2020 17:57:46 +0300
From:   Denis Gubin <denis.gubin@...il.com>
To:     netdev@...r.kernel.org
Subject: tc filter create hash table and filter rule

Good day!

I want to understand how tc fitler works.
Could you please give me some advice for it?

I want to add and delete fitler rule by full handle but I can't do it.
I need some article where I can read about tc utility.

For instance I want create one filter rule and then delete it.

The commands as follows:

tc filter add dev eno5 parent ffff: pref 45000 handle 555:0:1 protocol
all u32 match u8 0 0 action mirred egress mirror dev lo

I get an error:
Error: cls_u32: Handle specified hash table address mismatch.

Ok. For started I'll create hash table with number 555
tc filter add dev eno5 parent ffff: pref 45000 protocol ip handle 555:
u32 divisor 1

I don't get an error.

Then I show output
tc -s -d filter show dev eno5 parent ffff:

filter protocol ip pref 45000 u32 chain 0
filter protocol ip pref 45000 u32 chain 0 fh 555: ht divisor 1
filter protocol ip pref 45000 u32 chain 0 fh 827: ht divisor 1


My question:
Why do I see the third string  "filter protocol ip pref 45000 u32
chain 0 fh 827: ht divisor 1" ?

I think I should see only two strings, should I ?

filter protocol ip pref 45000 u32 chain 0
filter protocol ip pref 45000 u32 chain 0 fh 555: ht divisor 1


Ok. Go ahead.

I want to create filter rule with full handle 555:0:1

tc filter add dev eno5 parent ffff: pref 45000 handle 555:0:1 protocol
ip u32 match u8 0 0 action mirred egress mirror dev lo

I get error:

Error: cls_u32: Handle specified hash table address mismatch.
We have an error talking to the kernel, -1

Then I use 827 hash table number:

tc filter add dev eno5 parent ffff: pref 45000 handle 827:0:1 protocol
ip u32 match u8 0 0 action mirred egress mirror dev lo

I don't get an error. I am showing the output below:

filter protocol ip pref 45000 u32 chain 0
filter protocol ip pref 45000 u32 chain 0 fh 555: ht divisor 1
filter protocol ip pref 45000 u32 chain 0 fh 827: ht divisor 1
filter protocol ip pref 45000 u32 chain 0 fh 827::1 order 1 key ht 827
bkt 0 terminal flowid ??? not_in_hw  (rule hit 0 success 0)
  match 00000000/00000000 at 0 (success 0 )
action order 1: mirred (Egress Mirror to device lo) pipe
  index 26 ref 1 bind 1 installed 7 sec used 7 sec
  Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0

My question:
Why can't  I create the filter rule with 555 hash number ?

If I create filter rule with handle ::1 ...

tc filter add dev eno5 parent ffff: pref 33000 handle ::1 protocol ip
u32 match u8 0 0 action mirred egress mirror dev lo

And I show the output
tc -s -d filter show dev eno5 0 parent ffff:

filter protocol ip pref 33000 u32 chain 0
filter protocol ip pref 33000 u32 chain 0 fh 829: ht divisor 1
filter protocol ip pref 33000 u32 chain 0 fh 829::1 order 1 key ht 829
bkt 0 terminal flowid ??? not_in_hw  (rule hit 0 success 0)
  match 00000000/00000000 at 0 (success 0 )
action order 1: mirred (Egress Mirror to device lo) pipe
  index 29 ref 1 bind 1 installed 1 sec used 1 sec
  Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0


... I'll can see that hash table with 829 number with ht divisor 1 has
created yet and rule 829::1 created yet. But I want to control hash
table number by myself.
I don't want tc utility do it by itself.

Can I control creating hash table number by myself ?

Best regards,
Denis Gubin

Powered by blists - more mailing lists