Date:   Mon, 29 Aug 2022 17:03:08 +0200 (CEST)
From:   Thorsten Glaser <t.glaser@...ent.de>
To:     Jakub Kicinski <kuba@...nel.org>
cc:     netdev@...r.kernel.org
Subject: Re: inter-qdisc communication?

(note the communication aspect is still open, see near the end)

On Fri, 26 Aug 2022, Jakub Kicinski wrote:

> How do you add latency on ingress? 🤔

I’ve found something that might do it.

https://serverfault.com/a/386791/189656 and
https://wiki.linuxfoundation.org/networking/netem#how_can_i_use_netem_on_incoming_traffic

So, basically:

$ extif=eth0  # or eth1 or wlan0 or…
$ sudo modprobe ifb  # once or via config
$ sudo ip link set dev ifb0 up
$ sudo tc qdisc add dev $extif handle FFFF: ingress
$ sudo tc filter add dev $extif parent FFFF: [… (see below) …]
$ sudo tc qdisc add dev ifb0 root myqdiscname opts…

All references to ifb seem to cargo-cult the following filter…

	protocol ip u32 match u32 0 0 flowid 1:1
	 action mirred egress redirect dev ifb0

… without explaining any of it. (I’ve concerned myself more with
the implementing of the qdisc than with the configuring, which my
coworkers did before, and I found the info quite… not easily
comprehensible.)

I’ve found that mirred means mirror or redirect, so the action
part’s probably fine. I’m very unsure of the protocol/match
part.

I require any and all traffic of all protocols to be redirected.
Not just IPv4, and not just traffic that matches anything. Can I
do that with the filter, and will this “trick” get me the effect
I want to have?

(I could just use netem but there’s still the issue of inter-
qdisc communication which I’d *very* much like to have, not just
for this but also for features that come later… and, perhaps, one
that’s already there — RAN “handover” emulation, i.e. stopping
all traffic for a few dozen ms or so.)

Thanks in advance,
//mirabilos
-- 
Infrastructure Expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing Directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

                        ****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against      Don't miss anything with the tarent newsletter:
 ╳  HTML eMail! Also,     https://www.tarent.de/newsletter
╱ ╲ header encryption!
                        ****************************************************
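
Added example, not part of the original message: the steps listed in the mail as one script with a catch-all ingress filter, where `protocol all` replaces `protocol ip` so that non-IPv4 traffic is redirected as well. Assumptions: the `matchall` classifier is available (a `u32 match u32 0 0` variant is included for kernels without it), `netem delay 50ms` stands in for the custom qdisc, and the function names and the `IFB_APPLY` and `EXTIF` variables are hypothetical.

```shell
#!/bin/sh
# Added example: redirect ALL ingress traffic on an interface to an IFB device.
# Dry run by default (prints the commands); IFB_APPLY=1 as root executes them.

# Print the command, and execute it only when IFB_APPLY=1.
run() {
    echo "$*"
    if [ "${IFB_APPLY:-0}" = "1" ]; then "$@"; fi
}

# ingress_filter_spec KIND -> classifier part of the tc filter command
#   matchall : cls_matchall, needs no match expression (assumed to be available)
#   u32      : "match u32 0 0" tests (word & 0) == 0, which is true for any packet
ingress_filter_spec() {
    case "$1" in
        matchall) echo "protocol all matchall" ;;
        u32)      echo "protocol all u32 match u32 0 0" ;;
        *)        echo "unknown classifier: $1" >&2; return 1 ;;
    esac
}

# setup_ifb_ingress EXTIF IFB KIND QDISC [QDISC-OPTIONS...]
setup_ifb_ingress() {
    extif=$1; ifb=$2; kind=$3; shift 3
    spec=$(ingress_filter_spec "$kind") || return 1
    run modprobe ifb
    run ip link set dev "$ifb" up
    run tc qdisc add dev "$extif" handle ffff: ingress
    # "protocol all" rather than "protocol ip": IPv6, ARP etc. are redirected too.
    # $spec is left unquoted on purpose so it splits into separate arguments.
    run tc filter add dev "$extif" parent ffff: $spec \
        action mirred egress redirect dev "$ifb"
    run tc qdisc add dev "$ifb" root "$@"
}

# teardown_ifb_ingress EXTIF IFB: remove the ingress qdisc and the IFB root qdisc.
teardown_ifb_ingress() {
    run tc qdisc del dev "$1" ingress
    run tc qdisc del dev "$2" root
    run ip link set dev "$2" down
}

# netem with a 50 ms delay is a stand-in for the custom qdisc (assumption).
setup_ifb_ingress "${EXTIF:-eth0}" ifb0 matchall netem delay 50ms
```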
