From: Stefano Brivio <sbrivio@redhat.com>
To: Nikita Yushchenko <nikita.yushchenko@virtuozzo.com>
Cc: Florian Westphal <fw@strlen.de>, Netdev <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org, kernel@openvz.org
Subject: Re: "AVX2-based lookup implementation" has broken ebtables --among-src
Date: Wed, 24 Nov 2021 18:38:13 +0100 [thread overview]
Message-ID: <20211124183813.674dcf6a@elisabeth> (raw)
In-Reply-To: <20211122142933.15e6bffc@elisabeth>
On Mon, 22 Nov 2021 14:29:33 +0100
Stefano Brivio <sbrivio@redhat.com> wrote:
> On Wed, 17 Nov 2021 15:08:54 +0300
> Nikita Yushchenko <nikita.yushchenko@virtuozzo.com> wrote:
>
> > >>> Looks like the AVX2-based lookup does not process this correctly.
> > >>
> > >> Thanks for bisecting and reporting this! I'm looking into it now, I
> > >> might be a bit slow as I'm currently traveling.
> > >
> > > Might be a bug in ebtables....
> >
> > Exactly same ebtables binary (and exactly same rule) works with
> > kernel 4.18 and all kernels up to the mentioned patch applied.
>
> Sorry for the delay, I've been offline the past days, I'll restart
> looking into this now.
I'm still debugging this but, if it helps, I found another workaround
while checking: swapping the order of IP address and MAC address
"fixes" it -- unfortunately I didn't think of this while writing the
selftests, so that's what nft_concat_range.sh checks, a set with type
"net, mac", and not "mac, net". E.g.:
table ip t {
set s {
type ipv4_addr . ether_addr
flags interval
elements = { 192.168.122.1 . 52:54:00:04:9e:00 }
}
chain c {
type filter hook input priority filter; policy accept;
ip saddr . ether saddr @s counter packets 19 bytes 1284
}
}
...of course this is due to an implementation detail (and the bug I'm
chasing), functionally it's expected to be the same.
--
Stefano
next prev parent reply other threads:[~2021-11-24 17:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-16 8:51 "AVX2-based lookup implementation" has broken ebtables --among-src Nikita Yushchenko
2021-11-16 16:33 ` Stefano Brivio
2021-11-17 12:06 ` Florian Westphal
2021-11-17 12:08 ` Nikita Yushchenko
2021-11-22 13:29 ` Stefano Brivio
2021-11-24 17:38 ` Stefano Brivio [this message]
2021-11-17 13:12 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211124183813.674dcf6a@elisabeth \
--to=sbrivio@redhat.com \
--cc=fw@strlen.de \
--cc=kernel@openvz.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nikita.yushchenko@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.