lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2021 13:51:11 -0700 From: Peilin Ye <yepeilin.cs@...il.com> To: netdev@...r.kernel.org, David Ahern <dsahern@...il.com> Cc: Stephen Hemminger <stephen@...workplumber.org>, Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>, Daniel Borkmann <daniel@...earbox.net>, Cong Wang <cong.wang@...edance.com>, Peilin Ye <peilin.ye@...edance.com>, Peilin Ye <yepeilin.cs@...il.com> Subject: [PATCH iproute2-next] tc/ingress: Introduce clsact egress mini-Qdisc option From: Peilin Ye <peilin.ye@...edance.com> If the ingress Qdisc is in use, currently it is not possible to add another clsact egress mini-Qdisc to the same device without taking down the ingress Qdisc, since both sch_ingress and sch_clsact use the same handle (0xFFFF0000). To solve this issue, recently we added a new clsact egress mini-Qdisc option for sch_ingress in the kernel. Support it in the q_ingress front end, and update the usage message accordingly. To turn on the egress mini-Qdisc: $ tc qdisc add dev eth0 ingress $ tc qdisc change dev eth0 ingress clsact-on Then users can add filters to the egress mini-Qdisc as usual: $ tc filter add dev eth0 egress protocol ip prio 10 \ matchall action skbmod swap mac Deleting the ingress Qdisc removes the egress mini-Qdisc as well. To remove egress mini-Qdisc only, use: $ tc qdisc change dev eth0 ingress clsact-off Finally, if the egress mini-Qdisc is enabled, the "show" command will print out a "clsact" flag to indicate it: $ tc qdisc show ingress qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- $ tc qdisc change dev eth0 ingress clsact-on $ tc qdisc show ingress qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- clsact Reviewed-by: Cong Wang <cong.wang@...edance.com> Signed-off-by: Peilin Ye <peilin.ye@...edance.com> --- include/uapi/linux/pkt_sched.h | 12 +++++++++ tc/q_ingress.c | 46 ++++++++++++++++++++++++++++++++-- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h index 79a699f106b1..cb0eb5dd848a 100644 --- a/include/uapi/linux/pkt_sched.h +++ b/include/uapi/linux/pkt_sched.h @@ -586,6 +586,18 @@ enum { #define TCA_ATM_MAX (__TCA_ATM_MAX - 1) +/* INGRESS section */ + +enum { + TCA_INGRESS_UNSPEC, + TCA_INGRESS_FLAGS, +#define TC_INGRESS_CLSACT _BITUL(0) /* enable clsact egress mini-Qdisc */ +#define TC_INGRESS_SUPPORTED_FLAGS TC_INGRESS_CLSACT + __TCA_INGRESS_MAX, +}; + +#define TCA_INGRESS_MAX (__TCA_INGRESS_MAX - 1) + /* Network emulator */ enum { diff --git a/tc/q_ingress.c b/tc/q_ingress.c index 93313c9c2aec..25bf2dce0b56 100644 --- a/tc/q_ingress.c +++ b/tc/q_ingress.c @@ -17,21 +17,45 @@ static void explain(void) { - fprintf(stderr, "Usage: ... ingress\n"); + fprintf(stderr, + "Usage: [ add | replace | link | delete ] ... ingress\n" + " change ... ingress [ clsact-on | clsact-off ]\n" + " clsact-on\tenable clsact egress mini-Qdisc\n" + " clsact-off\tdelete clsact egress mini-Qdisc\n"); } static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n, const char *dev) { + struct nla_bitfield32 flags = { + .selector = TC_INGRESS_SUPPORTED_FLAGS, + }; + bool change = false; + struct rtattr *tail; + while (argc > 0) { if (strcmp(*argv, "handle") == 0) { NEXT_ARG(); - argc--; argv++; + } else if (strcmp(*argv, "clsact-on") == 0) { + flags.value |= TC_INGRESS_CLSACT; + change = true; + } else if (strcmp(*argv, "clsact-off") == 0) { + flags.value &= ~TC_INGRESS_CLSACT; + change = true; } else { fprintf(stderr, "What is \"%s\"?\n", *argv); explain(); return -1; } + + argc--; + argv++; + } + + if (change) { + tail = addattr_nest(n, 1024, TCA_OPTIONS); + addattr_l(n, 1024, TCA_INGRESS_FLAGS, &flags, sizeof(flags)); + addattr_nest_end(n, tail); } return 0; @@ -40,7 +64,25 @@ static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv, static int ingress_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt) { + struct rtattr *tb[TCA_INGRESS_MAX + 1]; + struct nla_bitfield32 *flags; + print_string(PRINT_FP, NULL, "---------------- ", NULL); + + if (!opt) + return 0; + + parse_rtattr_nested(tb, TCA_INGRESS_MAX, opt); + + if (!tb[TCA_INGRESS_FLAGS]) + return -1; + if (RTA_PAYLOAD(tb[TCA_INGRESS_FLAGS]) < sizeof(*flags)) + return -1; + + flags = RTA_DATA(tb[TCA_INGRESS_FLAGS]); + if (flags->value & TC_INGRESS_CLSACT) + print_string(PRINT_FP, NULL, "clsact", NULL); + return 0; } -- 2.20.1
Powered by blists - more mailing lists