lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210802205111.8220-1-yepeilin.cs@gmail.com>
Date:   Mon,  2 Aug 2021 13:51:11 -0700
From:   Peilin Ye <yepeilin.cs@...il.com>
To:     netdev@...r.kernel.org, David Ahern <dsahern@...il.com>
Cc:     Stephen Hemminger <stephen@...workplumber.org>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Daniel Borkmann <daniel@...earbox.net>,
        Cong Wang <cong.wang@...edance.com>,
        Peilin Ye <peilin.ye@...edance.com>,
        Peilin Ye <yepeilin.cs@...il.com>
Subject: [PATCH iproute2-next] tc/ingress: Introduce clsact egress mini-Qdisc option

From: Peilin Ye <peilin.ye@...edance.com>

If the ingress Qdisc is in use, currently it is not possible to add
another clsact egress mini-Qdisc to the same device without taking down
the ingress Qdisc, since both sch_ingress and sch_clsact use the same
handle (0xFFFF0000).

To solve this issue, recently we added a new clsact egress mini-Qdisc
option for sch_ingress in the kernel.  Support it in the q_ingress front
end, and update the usage message accordingly.

To turn on the egress mini-Qdisc:

    $ tc qdisc add dev eth0 ingress
    $ tc qdisc change dev eth0 ingress clsact-on

Then users can add filters to the egress mini-Qdisc as usual:

    $ tc filter add dev eth0 egress protocol ip prio 10 \
	    matchall action skbmod swap mac

Deleting the ingress Qdisc removes the egress mini-Qdisc as well.  To
remove egress mini-Qdisc only, use:

    $ tc qdisc change dev eth0 ingress clsact-off

Finally, if the egress mini-Qdisc is enabled, the "show" command will
print out a "clsact" flag to indicate it:

    $ tc qdisc show ingress
    qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
    $ tc qdisc change dev eth0 ingress clsact-on
    $ tc qdisc show ingress
    qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- clsact

Reviewed-by: Cong Wang <cong.wang@...edance.com>
Signed-off-by: Peilin Ye <peilin.ye@...edance.com>
---
 include/uapi/linux/pkt_sched.h | 12 +++++++++
 tc/q_ingress.c                 | 46 ++++++++++++++++++++++++++++++++--
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h
index 79a699f106b1..cb0eb5dd848a 100644
--- a/include/uapi/linux/pkt_sched.h
+++ b/include/uapi/linux/pkt_sched.h
@@ -586,6 +586,18 @@ enum {
 
 #define TCA_ATM_MAX	(__TCA_ATM_MAX - 1)
 
+/* INGRESS section */
+
+enum {
+	TCA_INGRESS_UNSPEC,
+	TCA_INGRESS_FLAGS,
+#define	TC_INGRESS_CLSACT	   _BITUL(0)	/* enable clsact egress mini-Qdisc */
+#define	TC_INGRESS_SUPPORTED_FLAGS TC_INGRESS_CLSACT
+	__TCA_INGRESS_MAX,
+};
+
+#define	TCA_INGRESS_MAX	(__TCA_INGRESS_MAX - 1)
+
 /* Network emulator */
 
 enum {
diff --git a/tc/q_ingress.c b/tc/q_ingress.c
index 93313c9c2aec..25bf2dce0b56 100644
--- a/tc/q_ingress.c
+++ b/tc/q_ingress.c
@@ -17,21 +17,45 @@
 
 static void explain(void)
 {
-	fprintf(stderr, "Usage: ... ingress\n");
+	fprintf(stderr,
+		"Usage: [ add | replace | link | delete ] ... ingress\n"
+		"       change ... ingress [ clsact-on | clsact-off ]\n"
+		" clsact-on\tenable clsact egress mini-Qdisc\n"
+		" clsact-off\tdelete clsact egress mini-Qdisc\n");
 }
 
 static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv,
 			     struct nlmsghdr *n, const char *dev)
 {
+	struct nla_bitfield32 flags = {
+		.selector = TC_INGRESS_SUPPORTED_FLAGS,
+	};
+	bool change = false;
+	struct rtattr *tail;
+
 	while (argc > 0) {
 		if (strcmp(*argv, "handle") == 0) {
 			NEXT_ARG();
-			argc--; argv++;
+		} else if (strcmp(*argv, "clsact-on") == 0) {
+			flags.value |= TC_INGRESS_CLSACT;
+			change = true;
+		} else if (strcmp(*argv, "clsact-off") == 0) {
+			flags.value &= ~TC_INGRESS_CLSACT;
+			change = true;
 		} else {
 			fprintf(stderr, "What is \"%s\"?\n", *argv);
 			explain();
 			return -1;
 		}
+
+		argc--;
+		argv++;
+	}
+
+	if (change) {
+		tail = addattr_nest(n, 1024, TCA_OPTIONS);
+		addattr_l(n, 1024, TCA_INGRESS_FLAGS, &flags, sizeof(flags));
+		addattr_nest_end(n, tail);
 	}
 
 	return 0;
@@ -40,7 +64,25 @@ static int ingress_parse_opt(struct qdisc_util *qu, int argc, char **argv,
 static int ingress_print_opt(struct qdisc_util *qu, FILE *f,
 			     struct rtattr *opt)
 {
+	struct rtattr *tb[TCA_INGRESS_MAX + 1];
+	struct nla_bitfield32 *flags;
+
 	print_string(PRINT_FP, NULL, "---------------- ", NULL);
+
+	if (!opt)
+		return 0;
+
+	parse_rtattr_nested(tb, TCA_INGRESS_MAX, opt);
+
+	if (!tb[TCA_INGRESS_FLAGS])
+		return -1;
+	if (RTA_PAYLOAD(tb[TCA_INGRESS_FLAGS]) < sizeof(*flags))
+		return -1;
+
+	flags = RTA_DATA(tb[TCA_INGRESS_FLAGS]);
+	if (flags->value & TC_INGRESS_CLSACT)
+		print_string(PRINT_FP, NULL, "clsact", NULL);
+
 	return 0;
 }
 
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ