* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error [not found] <bug-15379-10286@http.bugzilla.kernel.org/> @ 2010-02-24 22:52 ` Andrew Morton 2010-02-25 3:24 ` jamal 0 siblings, 1 reply; 6+ messages in thread From: Andrew Morton @ 2010-02-24 22:52 UTC (permalink / raw) To: netdev; +Cc: bugzilla-daemon, bugme-daemon, reinaldoc (switched to email. Please respond via emailed reply-to-all, not via the bugzilla web interface). On Tue, 23 Feb 2010 20:56:09 GMT bugzilla-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=15379 > > Summary: u32 classifier port range calculation error > Product: Networking > Version: 2.5 > Kernel Version: All (2.6.32 tested) > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: Other > AssignedTo: acme@ghostprotocols.net > ReportedBy: reinaldoc@gmail.com > Regression: No > > > U32 classifier have a problem on mask calculation of IP port range value. > > To reproduce the problem: > > ##### MASK CALCULATION FOR PORT RANGE 6880->6911 > > echo "obase=16;(2^13)-32" | bc > 1FE0 > > Example: > > ###### TC SAMPLE RULES > tc qdisc del dev eth0 root >/dev/null 2>&1 > > tc qdisc add dev eth0 root handle 1: htb default 1100 > tc class add dev eth0 root classid 1:1000 htb rate 1000Mbit ceil 1000Mbit > tc class add dev eth0 classid 1:1100 parent 1:1000 htb prio 0 rate 999Mbit > ceil 999Mbit > tc class add dev eth0 classid 1:1200 parent 1:1000 htb prio 0 rate 1Mbit > ceil 1Mbit > > tc filter add dev eth0 protocol ip prio 1 parent 1: u32 flowid 1:1200 match ip > dport 6880 0x1FE0 > > ###### STATS CLEAN ** success 0 > tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > flowid 1:1200 (rule hit 116 success 0) > match 00001ae0/00001fe0 at 20 (success 0 ) > > ###### SENDING PACKETS I > # nmap example.ufpa.br -p 1-10000 > > ###### STATS I ** success 32 (OK) > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > flowid 1:1200 (rule hit 12676 success 32) > match 00001ae0/00001fe0 at 20 (success 32 ) > > ###### SENDING PACKETS II > # nmap example.ufpa.br -p 10000-20000 > > ###### STATS II ** success 64 (ERROR) - should not match > > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > flowid 1:1200 (rule hit 25172 success 64) > match 00001ae0/00001fe0 at 20 (success 64 ) > > ###### SENDING PACKETS III > # nmap example.ufpa.br -p 20000-30000 > > ###### STATS III ** success 96 (ERROR) - should not match > > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > flowid 1:1200 (rule hit 43131 success 96) > match 00001ae0/00001fe0 at 20 (success 96 ) > > ### End ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error 2010-02-24 22:52 ` [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error Andrew Morton @ 2010-02-25 3:24 ` jamal 2010-02-25 11:25 ` Reinaldo de Carvalho 0 siblings, 1 reply; 6+ messages in thread From: jamal @ 2010-02-25 3:24 UTC (permalink / raw) To: Andrew Morton; +Cc: netdev, bugzilla-daemon, bugme-daemon, reinaldoc This is expected. An incoming packet is masked with 0x1FE0 at offset 20 and the value is compared to 6880. If they match, success. So between 1-10000, you essentially have some starting at 6880. And then at a large number prolly around port 15000, you have a few more. and the pattern repeats etc. cheers, jamal On Wed, 2010-02-24 at 14:52 -0800, Andrew Morton wrote: > (switched to email. Please respond via emailed reply-to-all, not via the > bugzilla web interface). > > On Tue, 23 Feb 2010 20:56:09 GMT bugzilla-daemon@bugzilla.kernel.org wrote: > > > http://bugzilla.kernel.org/show_bug.cgi?id=15379 > > > > Summary: u32 classifier port range calculation error > > Product: Networking > > Version: 2.5 > > Kernel Version: All (2.6.32 tested) > > Platform: All > > OS/Version: Linux > > Tree: Mainline > > Status: NEW > > Severity: normal > > Priority: P1 > > Component: Other > > AssignedTo: acme@ghostprotocols.net > > ReportedBy: reinaldoc@gmail.com > > Regression: No > > > > > > U32 classifier have a problem on mask calculation of IP port range value. > > > > To reproduce the problem: > > > > ##### MASK CALCULATION FOR PORT RANGE 6880->6911 > > > > echo "obase=16;(2^13)-32" | bc > > 1FE0 > > > > Example: > > > > ###### TC SAMPLE RULES > > tc qdisc del dev eth0 root >/dev/null 2>&1 > > > > tc qdisc add dev eth0 root handle 1: htb default 1100 > > tc class add dev eth0 root classid 1:1000 htb rate 1000Mbit ceil 1000Mbit > > tc class add dev eth0 classid 1:1100 parent 1:1000 htb prio 0 rate 999Mbit > > ceil 999Mbit > > tc class add dev eth0 classid 1:1200 parent 1:1000 htb prio 0 rate 1Mbit > > ceil 1Mbit > > > > tc filter add dev eth0 protocol ip prio 1 parent 1: u32 flowid 1:1200 match ip > > dport 6880 0x1FE0 > > > > ###### STATS CLEAN ** success 0 > > tc -s filter show dev eth0 > > filter parent 1: protocol ip pref 1 u32 > > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > > flowid 1:1200 (rule hit 116 success 0) > > match 00001ae0/00001fe0 at 20 (success 0 ) > > > > ###### SENDING PACKETS I > > # nmap example.ufpa.br -p 1-10000 > > > > ###### STATS I ** success 32 (OK) > > # tc -s filter show dev eth0 > > filter parent 1: protocol ip pref 1 u32 > > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > > flowid 1:1200 (rule hit 12676 success 32) > > match 00001ae0/00001fe0 at 20 (success 32 ) > > > > ###### SENDING PACKETS II > > # nmap example.ufpa.br -p 10000-20000 > > > > ###### STATS II ** success 64 (ERROR) - should not match > > > > # tc -s filter show dev eth0 > > filter parent 1: protocol ip pref 1 u32 > > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > > flowid 1:1200 (rule hit 25172 success 64) > > match 00001ae0/00001fe0 at 20 (success 64 ) > > > > ###### SENDING PACKETS III > > # nmap example.ufpa.br -p 20000-30000 > > > > ###### STATS III ** success 96 (ERROR) - should not match > > > > # tc -s filter show dev eth0 > > filter parent 1: protocol ip pref 1 u32 > > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 > > flowid 1:1200 (rule hit 43131 success 96) > > match 00001ae0/00001fe0 at 20 (success 96 ) > > > > ### End > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error 2010-02-25 3:24 ` jamal @ 2010-02-25 11:25 ` Reinaldo de Carvalho 2010-02-25 13:24 ` jamal 0 siblings, 1 reply; 6+ messages in thread From: Reinaldo de Carvalho @ 2010-02-25 11:25 UTC (permalink / raw) To: hadi; +Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon Then u32 mask is useless. Or exist a correct mask to match with especific range? -- Reinaldo de Carvalho On Thu, Feb 25, 2010 at 12:24 AM, jamal <hadi@cyberus.ca> wrote: > > This is expected. > An incoming packet is masked with 0x1FE0 at offset 20 and the > value is compared to 6880. If they match, success. > So between 1-10000, you essentially have some starting at 6880. > And then at a large number prolly around port 15000, you have > a few more. and the pattern repeats etc. > > cheers, > jamal > > On Wed, 2010-02-24 at 14:52 -0800, Andrew Morton wrote: >> (switched to email. Please respond via emailed reply-to-all, not via the >> bugzilla web interface). >> >> On Tue, 23 Feb 2010 20:56:09 GMT bugzilla-daemon@bugzilla.kernel.org wrote: >> >> > http://bugzilla.kernel.org/show_bug.cgi?id=15379 >> > >> > Summary: u32 classifier port range calculation error >> > Product: Networking >> > Version: 2.5 >> > Kernel Version: All (2.6.32 tested) >> > Platform: All >> > OS/Version: Linux >> > Tree: Mainline >> > Status: NEW >> > Severity: normal >> > Priority: P1 >> > Component: Other >> > AssignedTo: acme@ghostprotocols.net >> > ReportedBy: reinaldoc@gmail.com >> > Regression: No >> > >> > >> > U32 classifier have a problem on mask calculation of IP port range value. >> > >> > To reproduce the problem: >> > >> > ##### MASK CALCULATION FOR PORT RANGE 6880->6911 >> > >> > echo "obase=16;(2^13)-32" | bc >> > 1FE0 >> > >> > Example: >> > >> > ###### TC SAMPLE RULES >> > tc qdisc del dev eth0 root >/dev/null 2>&1 >> > >> > tc qdisc add dev eth0 root handle 1: htb default 1100 >> > tc class add dev eth0 root classid 1:1000 htb rate 1000Mbit ceil 1000Mbit >> > tc class add dev eth0 classid 1:1100 parent 1:1000 htb prio 0 rate 999Mbit >> > ceil 999Mbit >> > tc class add dev eth0 classid 1:1200 parent 1:1000 htb prio 0 rate 1Mbit >> > ceil 1Mbit >> > >> > tc filter add dev eth0 protocol ip prio 1 parent 1: u32 flowid 1:1200 match ip >> > dport 6880 0x1FE0 >> > >> > ###### STATS CLEAN ** success 0 >> > tc -s filter show dev eth0 >> > filter parent 1: protocol ip pref 1 u32 >> > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 >> > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 >> > flowid 1:1200 (rule hit 116 success 0) >> > match 00001ae0/00001fe0 at 20 (success 0 ) >> > >> > ###### SENDING PACKETS I >> > # nmap example.ufpa.br -p 1-10000 >> > >> > ###### STATS I ** success 32 (OK) >> > # tc -s filter show dev eth0 >> > filter parent 1: protocol ip pref 1 u32 >> > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 >> > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 >> > flowid 1:1200 (rule hit 12676 success 32) >> > match 00001ae0/00001fe0 at 20 (success 32 ) >> > >> > ###### SENDING PACKETS II >> > # nmap example.ufpa.br -p 10000-20000 >> > >> > ###### STATS II ** success 64 (ERROR) - should not match >> > >> > # tc -s filter show dev eth0 >> > filter parent 1: protocol ip pref 1 u32 >> > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 >> > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 >> > flowid 1:1200 (rule hit 25172 success 64) >> > match 00001ae0/00001fe0 at 20 (success 64 ) >> > >> > ###### SENDING PACKETS III >> > # nmap example.ufpa.br -p 20000-30000 >> > >> > ###### STATS III ** success 96 (ERROR) - should not match >> > >> > # tc -s filter show dev eth0 >> > filter parent 1: protocol ip pref 1 u32 >> > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 >> > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 >> > flowid 1:1200 (rule hit 43131 success 96) >> > match 00001ae0/00001fe0 at 20 (success 96 ) >> > >> > ### End >> >> -- >> To unsubscribe from this list: send the line "unsubscribe netdev" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error 2010-02-25 11:25 ` Reinaldo de Carvalho @ 2010-02-25 13:24 ` jamal 2010-02-25 19:11 ` Reinaldo de Carvalho 0 siblings, 1 reply; 6+ messages in thread From: jamal @ 2010-02-25 13:24 UTC (permalink / raw) To: Reinaldo de Carvalho; +Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon On Thu, 2010-02-25 at 08:25 -0300, Reinaldo de Carvalho wrote: > Then u32 mask is useless. Or exist a correct mask to match with especific range? Ranges and masks typically dont mix well generally - this has nothing to do with u32; try doing subnet ranges for example. It is hard to describe port range 10->20 using masks.. If i read your email correctly: you are trying to get the first 32 ports after 6880. It would seem to me the mask should be 0xFFE0, no? i.e your bc calculation should be: echo "obase=16;(2^16)-32" | bc cheers, jamal ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error 2010-02-25 13:24 ` jamal @ 2010-02-25 19:11 ` Reinaldo de Carvalho 2010-02-25 21:47 ` jamal 0 siblings, 1 reply; 6+ messages in thread From: Reinaldo de Carvalho @ 2010-02-25 19:11 UTC (permalink / raw) To: hadi; +Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon On Thu, Feb 25, 2010 at 10:24 AM, jamal <hadi@cyberus.ca> wrote: > On Thu, 2010-02-25 at 08:25 -0300, Reinaldo de Carvalho wrote: >> Then u32 mask is useless. Or exist a correct mask to match with especific range? > > Ranges and masks typically dont mix well generally - this has nothing to > do with u32; try doing subnet ranges for example. It is hard to describe > port range 10->20 using masks.. > > If i read your email correctly: you are trying to get the first 32 ports > after 6880. It would seem to me the mask should be 0xFFE0, no? i.e your > bc calculation should be: > echo "obase=16;(2^16)-32" | bc > No. Testing with mask 0xFFE0... (1 port match) # Stats... # tc -s filter show dev eth0 filter parent 1: protocol ip pref 1 u32 filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1200 (rule hit 13 success 0) match 00001ae0/0000ffe0 at 20 (success 0 ) # Sending packets... # nmap example.ufpa.br -p 1-65535 # Stats... # tc -s filter show dev eth0 filter parent 1: protocol ip pref 1 u32 filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1200 (rule hit 65459 success 1) match 00001ae0/0000ffe0 at 20 (success 1 ) -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net "Don't try to adapt the software to the way you work, but rather yourself to the way the software works" (myself) ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error 2010-02-25 19:11 ` Reinaldo de Carvalho @ 2010-02-25 21:47 ` jamal 0 siblings, 0 replies; 6+ messages in thread From: jamal @ 2010-02-25 21:47 UTC (permalink / raw) To: Reinaldo de Carvalho; +Cc: Andrew Morton, netdev, bugzilla-daemon, bugme-daemon On Thu, 2010-02-25 at 16:11 -0300, Reinaldo de Carvalho wrote: > Testing with mask 0xFFE0... (1 port match) > > # Stats... > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht > 800 bkt 0 flowid 1:1200 (rule hit 13 success 0) > match 00001ae0/0000ffe0 at 20 (success 0 ) > > # Sending packets... > # nmap example.ufpa.br -p 1-65535 > > # Stats... > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 u32 > filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht > 800 bkt 0 flowid 1:1200 (rule hit 65459 success 1) > match 00001ae0/0000ffe0 at 20 (success 1 ) Ok, you forced me to setup a system and install nmap. ------- bigismall:~# tc -s filter show dev eth0 filter parent 1: protocol ip pref 1 u32 filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1200 (rule hit 15 success 0) match 00001ae0/0000ffe0 at 20 (success 0 ) bigismall:~# nmap bigi -p 1-65535 Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-25 16:40 UTC Interesting ports on bigi (10.0.0.26): Not shown: 65532 closed ports PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:16:2E:12:4D:2E (Unknown) Nmap done: 1 IP address (1 host up) scanned in 65.55 seconds bigismall:~# tc -s filter show dev eth0 filter parent 1: protocol ip pref 1 u32 filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1200 (rule hit 65614 success 32) match 00001ae0/0000ffe0 at 20 (success 32 ) bigismall:~# -------------- cheers, jamal ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-02-25 21:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <bug-15379-10286@http.bugzilla.kernel.org/>
2010-02-24 22:52 ` [Bugme-new] [Bug 15379] New: u32 classifier port range calculation error Andrew Morton
2010-02-25 3:24 ` jamal
2010-02-25 11:25 ` Reinaldo de Carvalho
2010-02-25 13:24 ` jamal
2010-02-25 19:11 ` Reinaldo de Carvalho
2010-02-25 21:47 ` jamal
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).