Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

John Hurley wrote: > On Thu, Jun 6, 2019 at 8:52 PM Florian Westphal wrote: > > > > David Miller wrote: > > > From: Florian Westphal > > > Date: Thu, 6 Jun 2019 14:58:18 +0200 > > > > > > >> @@ -827,6 +828,7 @@ struct sk_buff { > > > >>__u8tc_at_ingress:1; > > > >>__

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

On Thu, Jun 6, 2019 at 8:52 PM Florian Westphal wrote: > > David Miller wrote: > > From: Florian Westphal > > Date: Thu, 6 Jun 2019 14:58:18 +0200 > > > > >> @@ -827,6 +828,7 @@ struct sk_buff { > > >>__u8tc_at_ingress:1; > > >>__u8tc_redirected:1;

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

David Miller wrote: > From: Florian Westphal > Date: Thu, 6 Jun 2019 14:58:18 +0200 > > >> @@ -827,6 +828,7 @@ struct sk_buff { > >>__u8tc_at_ingress:1; > >>__u8tc_redirected:1; > >>__u8tc_from_ingress:1; > >> + __u8

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

From: Florian Westphal Date: Thu, 6 Jun 2019 14:58:18 +0200 >> @@ -827,6 +828,7 @@ struct sk_buff { >> __u8tc_at_ingress:1; >> __u8tc_redirected:1; >> __u8tc_from_ingress:1; >> +__u8tc_hop_count:2;

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

John Hurley wrote: > On Thu, Jun 6, 2019 at 1:58 PM Florian Westphal wrote: > > I dislike this, why can't we just use a pcpu counter? > > > > The only problem is with recursion/nesting; whenever we > > hit something that queues the skb for later we're safe. > > > > Hi Florian, > The per cpu coun

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

On Thu, Jun 6, 2019 at 1:58 PM Florian Westphal wrote: > > John Hurley wrote: > > TC hooks allow the application of filters and actions to packets at both > > ingress and egress of the network stack. It is possible, with poor > > configuration, that this can produce loops whereby an ingress hook

Re: [RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

John Hurley wrote: > TC hooks allow the application of filters and actions to packets at both > ingress and egress of the network stack. It is possible, with poor > configuration, that this can produce loops whereby an ingress hook calls > a mirred egress action that has an egress hook that redire

[RFC net-next v2 1/1] net: sched: protect against loops in TC filter hooks

TC hooks allow the application of filters and actions to packets at both ingress and egress of the network stack. It is possible, with poor configuration, that this can produce loops whereby an ingress hook calls a mirred egress action that has an egress hook that redirects back to the first ingres