There have been several instances where response from kernel
has overrun the stack buffer from the caller. Avoid future problems
by passing a size argument.
Also drop the unused peer and group arguments to rtnl_talk.
This work follows upon commit 6256f8c9e4 ("tc, bpf: finalize eBPF
support for cls and act front-end") and takes up the idea proposed by
Hannes Frederic Sowa to spawn a shell (or any other command) that holds
generated eBPF map file descriptors.
File descriptors, based on their id, are being fetched from the same
unix domain socket as demonstrated in the bpf_agent, the shell spawned
via execvpe(2) and the map fds passed over the environment, and thus
are made available to applications in the fashion of std{in,out,err}
for read/write access, for example in case of iproute2's examples/bpf/:
# env | grep BPF
BPF_NUM_MAPS=3
BPF_MAP1=6 <- BPF_MAP_ID_QUEUE (id 1)
BPF_MAP0=5 <- BPF_MAP_ID_PROTO (id 0)
BPF_MAP2=7 <- BPF_MAP_ID_DROPS (id 2)
# ls -la /proc/self/fd
[...]
lrwx------. 1 root root 64 Apr 14 16:46 0 -> /dev/pts/4
lrwx------. 1 root root 64 Apr 14 16:46 1 -> /dev/pts/4
lrwx------. 1 root root 64 Apr 14 16:46 2 -> /dev/pts/4
[...]
lrwx------. 1 root root 64 Apr 14 16:46 5 -> anon_inode:bpf-map
lrwx------. 1 root root 64 Apr 14 16:46 6 -> anon_inode:bpf-map
lrwx------. 1 root root 64 Apr 14 16:46 7 -> anon_inode:bpf-map
The advantage (as opposed to the direct/native usage) is that now the
shell is map fd owner and applications can terminate and easily reattach
to descriptors w/o any kernel changes. Moreover, multiple applications
can easily read/write eBPF maps simultaneously.
To further allow users for experimenting with that, next step is to add
a small helper that can get along with simple data types, so that also
shell scripts can make use of bpf syscall, f.e to read/write into maps.
Generally, this allows for prepopulating maps, or any runtime altering
which could influence eBPF program behaviour (f.e. different run-time
classifications, skb modifications, ...), dumping of statistics, etc.
Reference: http://thread.gmane.org/gmane.linux.network/357471/focus=357860
Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Because we use the high 16 bits of tcm_info to pass prio value to
kernel, thus it's range would be [0, 0xffff], without validation
in tc when user pass a lager(>65535) priority, the actual priority
set in kernel would confuse the user.
So, add a validation to ensure prio in the range.
Both rtnl_talk and rtnl_dump had a callback for handling portions
of netlink message that do not match the correct pid or seq.
But this callback was never used by any part of iproute2 so remove
it.
> # tc filter show dev eth1 | grep 4:29:d1
> filter parent 1: protocol ip pref 5 u32 fh 4:29:d1 order 209 key ht 4
> bkt 29 flowid 1:b7aa
>
> # tc filter del dev eth1 parent 1: pref 5 handle 4:29:d1 u32
> RTNETLINK answers: Invalid argument
> We have an error talking to the kernel
>
> after rollback to package"sys-apps/iproute2-2.6.24.20080108" all
> deleted normal...
The current iproute version uses "protocol all" by default
if its not specified. This is actually only useful for creating
new filters, on deletion an unset protocol is treated as wildcard.
makes protocol accessible ..
cheers,
jamal
[PATCH 2/3] [TC/FILTERS] Expose the filter protocol
Expose the filter protocol so it can be used by underlying
classifiers when they need it.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
commit c504ffd627ac211eebf5ed34ef0fbfd7f1dbb347
Author: Patrick McHardy <kaber@trash.net>
Date: Wed Mar 26 07:38:43 2008 +0100
[IPROUTE]: Fix classifier help
The new check whether the user has specified a protocol makes
"ip filter <type> help" fails with "protocol is required".
This could be fixed by moving it further down, but a more user-friendly
way it to simply use ETH_P_ALL as default if nothing is specified.
Signed-off-by: Patrick McHardy <kaber@trash.net>
In order to support these new flags add current
linux/if.h into the directory with the local copies.
This caused troubles with outdated redefinitions from net/if.h
so I've removed the dependency on it.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
* "tc [class|qdisc|filter] get" doesn't exist, remove it from inline help.
* Add "replace" to "tc [class|filter] get" inline help.
* Fix "tc [class|qdisc|filter] help" output:
~$ tc class help
[snip]
Command "help" is unknown, try "tc class help".
~$
with my best wishes,
--
Hasso Tepper
Elion Enterprises Ltd. [AS3249]
Data Communication Network Administrator
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
User runs "tc monitor" (without quotes) and watches events of
addition, deletion and updates from qdiscs, classes, filters and
actions as they happen.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Stephen Hemminger
Daniel Borkmann
Stephen Hemminger
Dan Kenigsberg
Li Wei
Stephen Hemminger
Florian Westphal
Stephen Hemminger
Patrick McHardy
jamal
Thomas Graf
Hasso Tepper
Stephen Hemminger
Jesper Dangaard Brouer
site!shemminger
osdl.net!shemminger
ch[shemminger]!tgraf
net[shemminger]!shemminger
osdl.org!shemminger