lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 2 Aug 2021 23:10:56 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Peilin Ye <yepeilin.cs@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Cong Wang <cong.wang@...edance.com>,
        Peilin Ye <peilin.ye@...edance.com>, ast@...nel.org,
        john.fastabend@...il.com
Subject: Re: [PATCH net-next 1/2] net/sched: sch_ingress: Support clsact
 egress mini-Qdisc option

On 8/2/21 10:49 PM, Peilin Ye wrote:
> From: Peilin Ye <peilin.ye@...edance.com>
> 
> If the ingress Qdisc is in use, currently it is not possible to add
> another clsact egress mini-Qdisc to the same device without taking down
> the ingress Qdisc, since both sch_ingress and sch_clsact use the same
> handle (0xFFFF0000).
> 
> Add a "change" option for sch_ingress, so that users can enable or disable
> a clsact egress mini-Qdisc, without suffering from downtime:
> 
>      $ tc qdisc add dev eth0 ingress
>      $ tc qdisc change dev eth0 ingress clsact-on
> 
> Then users can add filters to the egress mini-Qdisc as usual:
> 
>      $ tc filter add dev eth0 egress protocol ip prio 10 \
> 	    matchall action skbmod swap mac
> 
> Deleting the ingress Qdisc removes the egress mini-Qdisc as well.  To
> remove egress mini-Qdisc only, use:
> 
>      $ tc qdisc change dev eth0 ingress clsact-off
> 
> Finally, if the egress mini-Qdisc is enabled, the "show" command will
> print out a "clsact" flag to indicate it:
> 
>      $ tc qdisc show ingress
>      qdisc ingress ffff: dev eth0 parent ffff:fff1 ----------------
>      $ tc qdisc change dev eth0 ingress clsact-on
>      $ tc qdisc show ingress
>      qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- clsact
> 
> Reviewed-by: Cong Wang <cong.wang@...edance.com>
> Signed-off-by: Peilin Ye <peilin.ye@...edance.com>

NAK, just use clsact qdisc in the first place which has both ingress and egress
support instead of adding such hack. You already need to change your scripts for
clsact-on, so just swap 'tc qdisc add dev eth0 ingress' to 'tc qdisc add dev eth0
clsact' w/o needing to change kernel.

Thanks,
Daniel

Powered by blists - more mailing lists