police and gact, to let
them return an error when users try to set 'goto chain x' in the fallback
action. Patch 3/4 and 4/4 add TDC selftest coverage to this new behavior.
For the series,
Acked-by: Jamal Hadi Salim
cheers,
jamal
k to something like
"only one goto chain is supported currently"
I didnt follow why you needed to introduce tcfg_caction...
cheers,
jamal
[1]actions should allow multitude return opcodes, not
just two. The proper solution seems to be to just let
the caller (cls_api - who is aware
ore thought. So the issue here is the goto chain failed
the configured chain doesnt exist?
cheers,
jamal
On 2018-10-11 2:44 p.m., David Ahern wrote:
On 10/11/18 12:05 PM, Jamal Hadi Salim wrote:
On 2018-10-11 1:04 p.m., David Ahern wrote:
I meant the general API of users passing filter arguments as attributes
to the dump (or values in the header) -- KIND, MASTER, device index,
etc
r some use case which requires a kernel change ("send me an event only
if you get link down" or "dump all ports with link down").
cheers,
jamal
h classical but
would be reasonably comfortable to do with ebpf.
Note:
That filter will work fine for dumps as well since the semantics
are the same.
the win is: in the future when you just wanna add that one new
filter attribute you dont need a kernel patch in and roll in a
new production kernel.
cheers,
jamal
(as the name
fib_dump_filter suggests)
cheers,
jamal
From: Al Viro
Both hnode ->tp_c and tp_c argument of u32_set_parms()
the latter is redundant, the former - never read...
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/net/sc
From: Al Viro
* calculate key *once*, not for each hash chain element
* let tc_u_hash() return the pointer to chain head rather than index -
callers are cleaner that way.
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 24 +---
1 file
From: Al Viro
not used anymore
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ef0f2e6ec422..810c49ac1bbe 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 622f4657da94..3357331a80a2 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -797,6 +797,10 @@ static int u32_set_parms(struct
From: Al Viro
unused
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 810c49ac1bbe..c378168f4562 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
ring an hnode to be deleted with tp->root won't
catch the case when one tp is used to try deleting the root of another.
Solution is trivial - mark the root hnodes explicitly upon allocation and
check for that.
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 4 +++-
1
From: Al Viro
Now that we have the knode count, we can instantly check if
any hnodes are non-empty. And that kills the check for extra
references to root hnode - those could happen only if there was
a knode to carry such a link.
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net
From: Al Viro
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ce55eea448a0..ef0f2e6ec422 100644
--- a/net/sched/cls_u32.c
+++ b/net
From: Al Viro
the only thing we used ht for was ht->tp_c and callers can get that
without going through ->tp_c at all; start with lifting that into
the callers, next commits will massage those, eventually removing
->tp_c altogether.
Signed-off-by: Al Viro
Signed-off-by: Jamal H
From: Al Viro
Tested by modifying iproute2 to allow sending a divisor > 255
Tested-by: Jamal Hadi Salim
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sc
From: Al Viro
allows to simplify u32_delete() considerably
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 3d4c360f9b0c..61593bee08db 100644
--- a/net
From: Jamal Hadi Salim
Various improvements from Al.
Changes from version 1: Add missing commit
Al Viro (11):
net: sched: cls_u32: mark root hnode explicitly
net: sched: cls_u32: disallow linking to root hnode
net: sched: cls_u32: make sure that divisor is a power of 2
net: sched
so anything returned by u32_lookup_key(ht, ...)
will have ->ht_up equal to ht.
* any knode returned by u32_get(tp, ...) will have ->ht_up->tp_c
point to tp->data
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 5 ++---
1 file changed, 2 in
On 2018-10-08 4:46 a.m., Sergei Shtylyov wrote:
Hello!
On 07.10.2018 19:38, Jamal Hadi Salim wrote:
From: Al Viro
Tested by modifying iproute2 to to allow
One "to" is enough, no? :-)
Will fix in updated version.
cheers,
jamal
o net. I will submit an updated version.
cheers,
jamal
so anything returned by u32_lookup_key(ht, ...)
will have ->ht_up equal to ht.
* any knode returned by u32_get(tp, ...) will have ->ht_up->tp_c
point to tp->data
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 5 ++---
1 file changed, 2 in
From: Jamal Hadi Salim
Various improvements from Al.
Al Viro (11):
net: sched: cls_u32: disallow linking to root hnode
net: sched: cls_u32: make sure that divisor is a power of 2
net: sched: cls_u32: get rid of unused argument of u32_destroy_key()
net: sched: cls_u32: get rid
From: Al Viro
unused
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 810c49ac1bbe..c378168f4562 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
From: Al Viro
not used anymore
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ef0f2e6ec422..810c49ac1bbe 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched
From: Al Viro
Both hnode ->tp_c and tp_c argument of u32_set_parms()
the latter is redundant, the former - never read...
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/net/sc
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 622f4657da94..3357331a80a2 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -797,6 +797,10 @@ static int u32_set_parms(struct
From: Al Viro
* calculate key *once*, not for each hash chain element
* let tc_u_hash() return the pointer to chain head rather than index -
callers are cleaner that way.
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 24 +---
1 file
From: Al Viro
the only thing we used ht for was ht->tp_c and callers can get that
without going through ->tp_c at all; start with lifting that into
the callers, next commits will massage those, eventually removing
->tp_c altogether.
Signed-off-by: Al Viro
Signed-off-by: Jamal H
From: Al Viro
allows to simplify u32_delete() considerably
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 3d4c360f9b0c..61593bee08db 100644
--- a/net
From: Al Viro
Tested by modifying iproute2 to to allow
sending a divisor > 255
Tested-by: Jamal Hadi Salim
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sc
From: Al Viro
Now that we have the knode count, we can instantly check if
any hnodes are non-empty. And that kills the check for extra
references to root hnode - those could happen only if there was
a knode to carry such a link.
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net
From: Al Viro
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ce55eea448a0..ef0f2e6ec422 100644
--- a/net/sched/cls_u32.c
+++ b/net
handle 1:0:11 u32 ht 1: link 0: offset at 0 mask 0f00 shift 6 plus 0 \
eat match ip protocol 6 ff
tc filter delete dev eth0 parent : protocol ip prio 100
Signed-off-by: Al Viro
Signed-off-by: Jamal Hadi Salim
---
net/sched/cls_u32.c | 10 +-
1 file changed, 5 insertions(+), 5 deleti
On 2018-09-10 8:25 a.m., Jamal Hadi Salim wrote:
On 2018-09-09 11:48 a.m., Al Viro wrote:
BTW, shouldn't we issue u32_clear_hw_hnode() every time
we destroy an hnode? It's done on u32_delete(), it's
done (for root ht) on u32_destroy(), but it's not done
for any other hnodes when you remove
assumption
that root is always 0x800 but oresence of
+Cc some of the NIC vendor folks..
cheers,
jamal
[1]
Here's a script posted by someone at Intel(Sridhar?) a while back
that adds 2 filters, one with skip-sw and the other with skip-hw
flag.
---
# add ingress qdisc
tc qdisc add dev p4p1
is "set classid x:y" without changing what is
being matched. i.e changing the classid in that example
would work.
cheers,
jamal
match ip src 192.168.8.0/8
$tc filter replace dev eth0 parent : protocol ip prio 102 \
handle 800:0:800 u32 classid 1:2 match ip src 1.1.0.0/24
u32_change() code path should have allowed changing of the
keynode.
cheers,
jamal
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
allows to simplify u32_delete() considerably
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
ff-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
* calculate key *once*, not for each hash chain element
* let tc_u_hash() return the pointer to chain head rather than index -
callers are cleaner that way.
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
unused
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
not used anymore
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
> Signed-off-by: Al Viro
Test is by hacking user space iproute2 to allow
sending a divisor > 255
Tested-by: Jamal Hadi Salim
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-08 9:31 p.m., Al Viro wrote:
From: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
: Not linking to root node
Signed-off-by: Al Viro
Tested-by: Jamal Hadi Salim
Acked-by: Jamal Hadi Salim
cheers,
jamal
i.e this you posted earlier, otherwise:
Tested-by: Jamal Hadi Salim
Acked-by: Jamal Hadi Salim
Reminder:
--
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent : protocol ip prio 100 handle 1: u32
divisor 1
tc filter add dev eth0 parent : protocol ip prio 200 handle 2: u32
diviso
$TC filter delete dev $P parent : protocol ip prio 10 \
u32
#8 now it is gone..
$TC filter ls dev $P parent :
your patches show #6 filter as still active.
We want it to look like #8
Hope this helps.
cheers,
jamal
On 2018-09-06 10:35 p.m., Al Viro wrote:
On Thu, Sep 06, 2018 at 06:21:09AM -0400, Jamal Hadi Salim wrote:
[..]
Argh... Unfortunately, there's this: in u32_delete() we have
if (root_ht) {
if (root_ht->refcnt > 1) {
*last =
On 2018-09-06 6:59 a.m., Al Viro wrote:
On Thu, Sep 06, 2018 at 06:34:00AM -0400, Jamal Hadi Salim wrote:
On 2018-09-06 6:28 a.m., Jamal Hadi Salim wrote:
[..]
Point, and that one is IMO enough to give up on using ->flags for
that. How about simply
diff --git a/net/sched/cls_u32.c b/
And a bunch of indentations...
cheers,
jamal
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 6d45ec4c218c..cb3bee12af78 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -485,7 +485,8 @@ static void u32_clear_hw_hnode(struct tcf_proto *tp, struct tc_u_hnode *h,
struct
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
* calculate key *once*, not for each hash chain element
* let tc_u_hash() return the pointer to chain head rather than index -
callers are cleaner that way.
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
unused
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
not used anymore
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
On 2018-09-06 6:28 a.m., Jamal Hadi Salim wrote:
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
... and disallow deleting or linking to such
Signed-off-by: Al Viro
Same comment as other one in regards to subject
Since the flag space is coming from htnode which is
exposed via uapi
On 2018-09-05 3:04 p.m., Al Viro wrote:
From: Al Viro
Signed-off-by: Al Viro
Acked-by: Jamal Hadi Salim
cheers,
jamal
it is for private use; but a comment in
include/uapi/linux/pkt_cls.h that this flag or
maybe a set of bits is reserved for internal use.
Otherwise:
Acked-by: Jamal Hadi Salim
cheers,
jamal
this one:
"[PATCH net 1/7]:net: sched: cls_u32: fix hnode refcounting"
Also useful to have a cover letter summarizing the patchset
in 0/7. Otherwise
Acked-by: Jamal Hadi Salim
cheers,
jamal
?
ENOENT with extack describing whether chain or filter not found.
cheers,
jamal
case tasks deadlock because they take same two locks in
different order. To prevent potential deadlock reported by lockdep, always
disable bh when obtaining ife_mod_lock.
Looks like your recent changes on net-next exposed this.
Acked-by: Jamal Hadi Salim
cheers,
jamal
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_gact.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index bfccd34a3968..52a3e474d822 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_skbmod.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sched/act_skbmod.c b/net/sched/act_skbmod.c
index e9c86ade3b40..d6a1af0c4171 100644
--- a/net/sched/act_skbmod.c
+++ b/net/sched
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_pedit.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 3f62da72ab6a..8a7a7cb94e83 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_skbedit.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c
index a6db47ebec11..926d7bc4a89d 100644
--- a/net/sched/act_skbedit.c
+++ b/net/sched
From: Jamal Hadi Salim
Having a structure (example tcf_mirred) and a function with the same name is
not good for readability or grepability.
This long overdue patchset improves it and make sure there is consistency
across all actions
Jamal Hadi Salim (13):
net: sched: act_connmark method
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_csum.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c
index f01c59ba6d12..5596fae4e478 100644
--- a/net/sched/act_csum.c
+++ b/net/sched/act_csum.c
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_connmark.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index 2f9bc833d046..54c0bf54f2ac 100644
--- a/net/sched/act_connmark.c
+++ b/net
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_mirred.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 327be257033d..8ec216001077 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_nat.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 4dd9188a72fd..822e903bfc25 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_vlan.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_vlan.c b/net/sched/act_vlan.c
index 5bde17fe3608..d1f5028384c9 100644
--- a/net/sched/act_vlan.c
+++ b/net/sched/act_vlan.c
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_simple.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index 18e4452574cd..e616523ba3c1 100644
--- a/net/sched/act_simple.c
+++ b/net/sched
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_bpf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c
index 9e8a33f9fee3..9b30e62805c7 100644
--- a/net/sched/act_bpf.c
+++ b/net/sched/act_bpf.c
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_police.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 88c16d80c1cf..06f0742db593 100644
--- a/net/sched/act_police.c
+++ b/net
From: Jamal Hadi Salim
Signed-off-by: Jamal Hadi Salim
---
net/sched/act_ipt.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index e149f0e66cb6..51f235bbeb5b 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
ir scripts if they
dont see expected behavior).
cheers,
jamal
o uapi - so user space tc is updated.
You then use the new tc specifying TC_ACT_XXX policy on kernel with your
changes.
If i read correctly because TC_ACT_XXX is out of bounds for current
kernel(which has your changes) you will fix it to be UNSPEC, no?
cheers,
jamal
On 30/07/18 12:41 PM, Paolo Abeni wrote:
On Mon, 2018-07-30 at 10:03 -0400, Jamal Hadi Salim wrote:
On 30/07/18 08:30 AM, Paolo Abeni wrote:
}
+ if (!tcf_action_valid(a->tcfa_action)) {
+ NL_SET_ERR_MSG(extack, "invalid action value, using TC_ACT_UNSPEC
I think it would make a lot more sense to just reject the entry than
changing it underneath the user to a default value. Least element of
suprise.
cheers,
jamal
On 25/07/18 01:09 PM, Marcelo Ricardo Leitner wrote:
On Wed, Jul 25, 2018 at 09:48:16AM -0700, Cong Wang wrote:
On Wed, Jul 25, 2018 at 5:27 AM Jamal Hadi Salim wrote:
Those changes were there from the beginning (above patch did
not introduce them).
IIRC, the reason was to distinguish
On 25/07/18 10:24 AM, Paolo Abeni wrote:
On Wed, 2018-07-25 at 08:27 -0400, Jamal Hadi Salim wrote:
Those changes were there from the beginning (above patch did
not introduce them).
IIRC, the reason was to distinguish between policy intended
drops and drops because of errors.
Double
think it makes sense.
Yep, I chose to increment 'overlimits' to preserve the current mirred
semantic.
AFAICS, that was first introduced with:
commit 8919bc13e8d92c5b082c5c0321567383a071f5bc
Author: Jamal Hadi Salim
Date: Mon Aug 15 05:25:40 2011 +
net_sched: fix port mirror
about introducing this new
code.
Could you not use the result code to carry sufficient
info to indicate the intent?
cheers,
jamal
+
/* Basic packet classifier frontend definitions. */
struct tcf_walker {
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 056dc1
rit.
cheers,
jamal
ECT) {
+ net_warn_ratelimited("TC_ACT_REDIRECT can't be used directly");
+ a->tcfa_action = TC_ACT_UNSPEC;
+ }
+
Why not just reject the rule instead of changing the code underneath the
user?
cheers,
jamal
ues, like TC_ACT_RECLASSIFY.
Jamal, is there any use case of returning !TC_ACT_STOLEN for
ingress redirections?
I cant think of one off top of my head.
There maybe a future use case where it is not so - maybe just allow
to return the user programmed action? that value will always be
TC_ACT_STOLEN if
appealing.
cheers,
jamal
wer(in s/w) if you only added a template
with say dst ip/mask? I can see it will make sense for u32 which is more
flexible and protocol independent.
cheers,
jamal
Chain are already either explicitly or are implicitly
(case of chain 0) specified.
Assuming that one cant add a new template to a chain if it already
has at least one filter (even if no template has been added).
I like it - it may help making u32 more friendly to humans in some
cases.
cheers,
jamal
ackets with
different priorities as a means to overcome DoS attacks
as described in paper ...
cheers,
jamal
ould have been fine to match the size of
the kernel flags), but other than that LGTM.
Acked-by: Jamal Hadi Salim
cheers,
jamal
etting in the init function
seems to be a redundant given all the TLVs have
d->flags also set by user space.
But thats a different patch.
cheers,
jamal
On 12/06/18 11:42 AM, Fu, Qiaobin wrote:
The new action inheritdsfield copies the field DS of
IPv4 and IPv6 packets into skb->priority. This e
On 31/05/18 08:38 AM, Vlad Buslov wrote:
Hi Jamal,
On current net-next I still have action with single reference after last
step:
~$ sudo $TC -s actions ls action skbedit
total acts 1
action order 0: skbedit mark 1 pipe
is gone in this last step.
Your patches may change behavior so that the action action is still
around. I dont think this is a big deal, but just wanted to be sure
it is not something more unexpected.
cheers,
jamal
On 28/05/18 12:02 PM, Jamal Hadi Salim wrote:
On 27/05/18 03:55 PM, Vlad Buslov wrote:
tc_ctl_tfilter handles three netlink message types: RTM_NEWTFILTER,
RTM_DELTFILTER, RTM_GETTFILTER. However, implementation of this function
involves a lot of branching on specific message type because most
1 - 100 of 2031 matches
Mail list logo
