lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 25 Jan 2024 11:17:22 -0700
From: David Ahern <dsahern@...nel.org>
To: Victor Nogueira <victor@...atatu.com>, stephen@...workplumber.org,
 netdev@...r.kernel.org
Cc: kernel@...atatu.com
Subject: Re: [PATCH iproute2-next v2] m_mirred: Allow mirred to block

On 1/23/24 2:38 PM, Victor Nogueira wrote:
> So far the mirred action has dealt with syntax that handles
> mirror/redirection for netdev. A matching packet is redirected or mirrored
> to a target netdev.
> 
> In this patch we enable mirred to mirror to a tc block as well.
> IOW, the new syntax looks as follows:
> ... mirred <ingress | egress> <mirror | redirect> [index INDEX] < <blockid BLOCKID> | <dev <devname>> >
> 
> Examples of mirroring or redirecting to a tc block:
> $ tc filter add block 22 protocol ip pref 25 \
>   flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22
> 
> $ tc filter add block 22 protocol ip pref 25 \
>   flower dst_ip 10.10.10.10/32 action mirred egress redirect blockid 22
> 
> Co-developed-by: Jamal Hadi Salim <jhs@...atatu.com>
> Signed-off-by: Jamal Hadi Salim <jhs@...atatu.com>
> Co-developed-by: Pedro Tammela <pctammela@...atatu.com>
> Signed-off-by: Pedro Tammela <pctammela@...atatu.com>
> Signed-off-by: Victor Nogueira <victor@...atatu.com>
> ---
> v1 -> v2:
> 
> - Add required changes to mirred's man page
> - Drop usage of the deprecated matches function in new code
> 
>  man/man8/tc-mirred.8 | 24 +++++++++++++++--
>  tc/m_mirred.c        | 62 +++++++++++++++++++++++++++++++++++---------
>  2 files changed, 72 insertions(+), 14 deletions(-)
> 


> +			} else if ((redir || mirror)) {
> +				if (strcmp(*argv, "blockid") == 0) {
> +					if (strlen(d)) {
> +						fprintf(stderr,
> +							"Mustn't specify blockid and dev simultaneously\n");

I fixed the error messages to avoid use of contractions

applied to iproute2-next

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ