Message-ID: <ZYAHl3f4+scOdJYc@dcaratti.users.ipa.redhat.com>
Date: Mon, 18 Dec 2023 09:49:27 +0100
From: Davide Caratti <dcaratti@...hat.com>
To: Victor Nogueira <victor@...atatu.com>
Cc: jhs@...atatu.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, xiyou.wangcong@...il.com,
jiri@...nulli.us, mleitner@...hat.com, pctammela@...atatu.com,
netdev@...r.kernel.org, kernel@...atatu.com
Subject: Re: [PATCH RFC net-next] net: sched: act_mirred: Extend the cpu
mirred nest guard with an explicit loop ttl

hello Victor, thanks for the patch!

On Fri, Dec 15, 2023 at 03:08:27PM -0300, Victor Nogueira wrote:
> As pointed out by Jamal in:
> https://lore.kernel.org/netdev/CAM0EoMn4C-zwrTCGzKzuRYukxoqBa8tyHyFDwUSZYwkMOUJ4Lw@mail.gmail.com/
>
> Mirred is allowing for infinite loops in certain use cases, such as the
> following:
>
> ----
> sudo ip netns add p4node
> sudo ip link add p4port0 address 10:00:00:01:AA:BB type veth peer \
> port0 address 10:00:00:02:AA:BB
>
> sudo ip link set dev port0 netns p4node
> sudo ip a add 10.0.0.1/24 dev p4port0
> sudo ip neigh add 10.0.0.2 dev p4port0 lladdr 10:00:00:02:aa:bb
> sudo ip netns exec p4node ip a add 10.0.0.2/24 dev port0
> sudo ip netns exec p4node ip l set dev port0 up
> sudo ip l set dev p4port0 up
> sudo ip netns exec p4node tc qdisc add dev port0 clsact
> sudo ip netns exec p4node tc filter add dev port0 ingress protocol ip \
> prio 10 matchall action mirred ingress redirect dev port0
>
> ping -I p4port0 10.0.0.2 -c 1
> -----
>
> To solve this, we reintroduced a ttl variable attached to the skb (in
> struct tc_skb_cb) which will prevent infinite loops for use cases such as
> the one described above.
>
> The nest per cpu variable (tcf_mirred_nest_level) is now only used for
> detecting whether we should call netif_rx or netif_receive_skb when
> sending the packet to ingress.

looks good to me. Do you think it's worth setting an initial value (0, AFAIU)
for tc_skb_cb(skb)->ttl inside tc_run() ?

other than this,
Acked-by: Davide Caratti <dcaratti@...hat.com>
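
A user-space C model of the redirect loop from the quoted commit message, added here as an illustration; it is not code from the patch or from the kernel. `LOOP_TTL_MAX`, `struct pkt`, `run_loop()`, the array backlog and the choice to count the ttl upwards from a starting value are assumptions of the model, and the limit the patch actually uses is not shown on this page.

```c
#include <stdio.h>
#include <stddef.h>

#define LOOP_TTL_MAX 4  /* assumed limit, not taken from the patch */
#define BACKLOG_LEN  8

struct pkt { unsigned ttl; };            /* stands in for tc_skb_cb(skb)->ttl */

static struct pkt *backlog[BACKLOG_LEN]; /* stands in for the netif_rx() backlog */
static size_t head, tail;
static int nest_level, max_nest_seen;    /* models the per-CPU nest counter */

/* "mirred ingress redirect dev <same dev>": requeue the packet unless its ttl is spent. */
static void mirred_redirect(struct pkt *p)
{
    if (++nest_level > max_nest_seen)
        max_nest_seen = nest_level;
    if (++p->ttl <= LOOP_TTL_MAX)        /* per-packet guard travels with the packet */
        backlog[tail++ % BACKLOG_LEN] = p;
    nest_level--;                        /* unwinds before the packet is seen again */
}

/* Inject one packet with the given starting ttl, drain the backlog,
 * and return how many times the filter processed the packet. */
unsigned run_loop(unsigned initial_ttl)
{
    struct pkt p = { .ttl = initial_ttl };
    unsigned passes = 0;

    head = tail = 0;
    nest_level = max_nest_seen = 0;
    backlog[tail++ % BACKLOG_LEN] = &p;
    while (head != tail) {               /* deferred processing, one packet at a time */
        mirred_redirect(backlog[head++ % BACKLOG_LEN]);
        passes++;
    }
    return passes;
}

int max_nest(void) { return max_nest_seen; }

int main(void)
{
    printf("passes from ttl 0: %u\n", run_loop(0));
    printf("deepest nest level seen: %d\n", max_nest());
    printf("passes from ttl 3: %u\n", run_loop(3));
    return 0;
}
```

In the model the nest counter never rises above 1 because each redirect is queued and the call returns before the packet is processed again, so only the counter carried by the packet ends the loop, and a non-zero starting value shortens the number of passes.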