* [PATCH] net : fix adding same ip rule multiple times
@ 2023-03-01 13:50 ismail bouzaiene
2023-03-01 17:42 ` Jakub Kicinski
0 siblings, 1 reply; 3+ messages in thread
From: ismail bouzaiene @ 2023-03-01 13:50 UTC (permalink / raw)
To: netdev, davem, edumazet, kuba, pabeni
[-- Attachment #1: Type: text/plain, Size: 1381 bytes --]
Hello,
In case we try to add the same ip rule multiple times, the kernel will
reject the addition using the call rule_exits().
However there are two use cases where it is still possible to add the
same ip rule multiple times despite the check rule_exists().
First use case :
add two ip rules with the same informations and only the prio / pref
attribute is different
Second use case :
add two ip rules with the same informations without setting the
attribute prio / pref
In this case, the kernel will attribute a pref to this ip rule using
the following mechanism :
Kernel will loop over all already applied ip rules, get the index of
the first ip rule with pref not null
add +1 and use this value to set the pref field in the ip rule to be applied.
The two use cases are possible because the call rule_exists() checks
the prio / pref among others parameters, and in both cases the prio /
pref attribute will be different from any of the already applied ip
rules.
I suggest fixing the mentioned two cases by removing the test on the
pref / prio attribute in the function rule_exits().
This patch implement the suggested solution : patch_solAllcases.patch
In case you think that the First use case is a valid use case and we
need only to handle the Second use case, I provide here also a second
patch that handle only the First use case :
patch_solOnlySecondCase.patch
[-- Attachment #2: patch_solAllcases.patch --]
[-- Type: text/x-patch, Size: 488 bytes --]
diff -uprN net-next-6.2-rc7/net/core/fib_rules.c net-next-6.2-rc7_patch-Sol1/net/core/fib_rules.c
--- net-next-6.2-rc7/net/core/fib_rules.c 2023-02-05 22:13:28.000000000 +0100
+++ net-next-6.2-rc7_patch-Sol1/net/core/fib_rules.c 2023-02-17 10:27:54.992948006 +0100
@@ -695,9 +695,6 @@ static int rule_exists(struct fib_rules_
if (r->table != rule->table)
continue;
- if (r->pref != rule->pref)
- continue;
-
if (memcmp(r->iifname, rule->iifname, IFNAMSIZ))
continue;
[-- Attachment #3: patch_solOnlySecondCase.patch --]
[-- Type: text/x-patch, Size: 1039 bytes --]
diff -uprN net-next-6.2-rc7/net/core/fib_rules.c net-next-6.2-rc7_patch-Sol2/net/core/fib_rules.c
--- net-next-6.2-rc7/net/core/fib_rules.c 2023-02-05 22:13:28.000000000 +0100
+++ net-next-6.2-rc7_patch-Sol2/net/core/fib_rules.c 2023-02-17 10:04:01.111242230 +0100
@@ -684,7 +684,7 @@ errout:
}
static int rule_exists(struct fib_rules_ops *ops, struct fib_rule_hdr *frh,
- struct nlattr **tb, struct fib_rule *rule)
+ struct nlattr **tb, struct fib_rule *rule,bool user_priority)
{
struct fib_rule *r;
@@ -695,7 +695,7 @@ static int rule_exists(struct fib_rules_
if (r->table != rule->table)
continue;
- if (r->pref != rule->pref)
+ if (user_priority && r->pref != rule->pref)
continue;
if (memcmp(r->iifname, rule->iifname, IFNAMSIZ))
@@ -806,7 +806,7 @@ int fib_nl_newrule(struct sk_buff *skb,
goto errout;
if ((nlh->nlmsg_flags & NLM_F_EXCL) &&
- rule_exists(ops, frh, tb, rule)) {
+ rule_exists(ops, frh, tb, rule,user_priority)) {
err = -EEXIST;
goto errout_free;
}
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net : fix adding same ip rule multiple times
2023-03-01 13:50 [PATCH] net : fix adding same ip rule multiple times ismail bouzaiene
@ 2023-03-01 17:42 ` Jakub Kicinski
2023-03-02 8:17 ` ismail bouzaiene
0 siblings, 1 reply; 3+ messages in thread
From: Jakub Kicinski @ 2023-03-01 17:42 UTC (permalink / raw)
To: ismail bouzaiene; +Cc: netdev, davem, edumazet, pabeni, David Ahern
On Wed, 1 Mar 2023 14:50:15 +0100 ismail bouzaiene wrote:
> Hello,
>
> In case we try to add the same ip rule multiple times, the kernel will
> reject the addition using the call rule_exits().
This is not the correct way of posting a patch, please take a look at
this (second result on Google BTW):
http://nickdesaulniers.github.io/blog/2017/05/16/submitting-your-first-patch-to-the-linux-kernel-and-responding-to-feedback/
Please also read:
https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html
and
https://www.kernel.org/doc/html/latest/process/submitting-patches.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net : fix adding same ip rule multiple times
2023-03-01 17:42 ` Jakub Kicinski
@ 2023-03-02 8:17 ` ismail bouzaiene
0 siblings, 0 replies; 3+ messages in thread
From: ismail bouzaiene @ 2023-03-02 8:17 UTC (permalink / raw)
To: Jakub Kicinski; +Cc: netdev, davem, edumazet, pabeni, David Ahern
Hello,
Thank you for pointing that out , it is my first attempt to suggest a
patch so I was not sure about the how to.
I will check the links you provided and use the correct method.
Best Regards
Le mer. 1 mars 2023 à 18:42, Jakub Kicinski <kuba@kernel.org> a écrit :
>
> On Wed, 1 Mar 2023 14:50:15 +0100 ismail bouzaiene wrote:
> > Hello,
> >
> > In case we try to add the same ip rule multiple times, the kernel will
> > reject the addition using the call rule_exits().
>
> This is not the correct way of posting a patch, please take a look at
> this (second result on Google BTW):
>
> http://nickdesaulniers.github.io/blog/2017/05/16/submitting-your-first-patch-to-the-linux-kernel-and-responding-to-feedback/
>
> Please also read:
>
> https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html
> and
> https://www.kernel.org/doc/html/latest/process/submitting-patches.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-02 8:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-01 13:50 [PATCH] net : fix adding same ip rule multiple times ismail bouzaiene
2023-03-01 17:42 ` Jakub Kicinski
2023-03-02 8:17 ` ismail bouzaiene
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).