| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2021 13:51:11 -0700
From: Peilin Ye <yepeilin.cs@...il.com>
To: netdev@...r.kernel.org, David Ahern <dsahern@...il.com>
Cc: Stephen Hemminger <stephen@...workplumber.org>,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...nulli.us>,
Daniel Borkmann <daniel@...earbox.net>,
Cong Wang <cong.wang@...edance.com>,
Peilin Ye <peilin.ye@...edance.com>,
Peilin Ye <yepeilin.cs@...il.com>
Subject: [PATCH iproute2-next] tc/ingress: Introduce clsact egress mini-Qdisc option
From: Peilin Ye <peilin.ye@...edance.com>
If the ingress Qdisc is in use, currently it is not possible to add
another clsact egress mini-Qdisc to the same device without taking down
the ingress Qdisc, since both sch_ingress and sch_clsact use the same
handle (0xFFFF0000).
To solve this issue, recently we added a new clsact egress mini-Qdisc
option for sch_ingress in the kernel. Support it in the q_ingress front
end, and update the usage message accordingly.
To turn on the egress mini-Qdisc:
$ tc qdisc add dev eth0 ingress
$ tc qdisc change dev eth0 ingress clsact-on
Then users can add filters to the egress mini-Qdisc as usual:
$ tc filter add dev eth0 egress protocol ip prio 10 \
matchall action skbmod swap mac
Deleting the ingress Qdisc removes the egress mini-Qdisc as well. To
remove egress mini-Qdisc only, use:
$ tc qdisc change dev eth0 ingress clsact-off
Finally, if the egress mini-Qdisc is enabled, the "show" command will
print out a "clsact" flag to indicate it:
$ tc qdisc show ingress
qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
$ tc qdisc change dev eth0 ingress clsact-on
$ tc qdisc show ingress
qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- clsact
Reviewed-by: Cong Wang <cong.wang@...edance.com>
Signed-off-by: Peilin Ye <peilin.ye@...edance.com>
---
include/uapi/linux/pkt_sched.h | 12 +++++++++
tc/q_ingress.c | 46 ++++++++++++++++++++++++++++++++--
2 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h
index 79a699f106b1..cb0eb5dd848a 100644
--- a/include/uapi/linux/pkt_sched.h
+++ b/include/uapi/linux/pkt_sched.h
@@ -586,6 +586,18 @@ enum {
#define TCA_ATM_MAX (__TCA_ATM_MAX - 1)
+/* INGRESS section */
+
+enum {
+ TCA_INGRESS_UNSPEC,
+ TCA_INGRESS_FLAGS,
+#define TC_INGRESS_CLSACT _BITUL(0) /* enable clsact egress mini-Qdisc */
+#define TC_INGRESS_SUPPORTED_FLAGS TC_INGRESS_CLSACT
+ __TCA_INGRESS_MAX,
+};
+
+#define TCA_INGRESS_MAX (__TCA_INGRESS_MAX - 1)
+
/* Network emulator */
enum {
diff --git a/tc/q_ingress.c b/tc/q_ingress.c
index 93313c9c2aec..25bf2dce0b56 100644
--- a/tc/q_ingress.c
+++ b/tc/q_ingress.c
@@ -17,21 +17,45 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... ingress\n");
+ fprintf(stderr,
+ "Usage: [ add | replace | link | delete ] ... ingress\n"
+ " change ... ingress [ clsact-on | clsact-off ]\n"
+ " clsact-on\tenable clsact egress mini-Qdisc\n"
+ " clsact-off\tdelete clsact egress mini-Qdisc\n");
}
static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n, const char *dev)
{
+ struct nla_bitfield32 flags = {
+ .selector = TC_INGRESS_SUPPORTED_FLAGS,
+ };
+ bool change = false;
+ struct rtattr *tail;
+
while (argc > 0) {
if (strcmp(*argv, "handle") == 0) {
NEXT_ARG();
- argc--; argv++;
+ } else if (strcmp(*argv, "clsact-on") == 0) {
+ flags.value |= TC_INGRESS_CLSACT;
+ change = true;
+ } else if (strcmp(*argv, "clsact-off") == 0) {
+ flags.value &= ~TC_INGRESS_CLSACT;
+ change = true;
} else {
fprintf(stderr, "What is \"%s\"?\n", *argv);
explain();
return -1;
}
+
+ argc--;
+ argv++;
+ }
+
+ if (change) {
+ tail = addattr_nest(n, 1024, TCA_OPTIONS);
+ addattr_l(n, 1024, TCA_INGRESS_FLAGS, &flags, sizeof(flags));
+ addattr_nest_end(n, tail);
}
return 0;
@@ -40,7 +64,25 @@ static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv,
static int ingress_print_opt(struct qdisc_util *qu, FILE *f,
struct rtattr *opt)
{
+ struct rtattr *tb[TCA_INGRESS_MAX + 1];
+ struct nla_bitfield32 *flags;
+
print_string(PRINT_FP, NULL, "---------------- ", NULL);
+
+ if (!opt)
+ return 0;
+
+ parse_rtattr_nested(tb, TCA_INGRESS_MAX, opt);
+
+ if (!tb[TCA_INGRESS_FLAGS])
+ return -1;
+ if (RTA_PAYLOAD(tb[TCA_INGRESS_FLAGS]) < sizeof(*flags))
+ return -1;
+
+ flags = RTA_DATA(tb[TCA_INGRESS_FLAGS]);
+ if (flags->value & TC_INGRESS_CLSACT)
+ print_string(PRINT_FP, NULL, "clsact", NULL);
+
return 0;
}
--
2.20.1
Powered by blists - more mailing lists