Re: ip6 dscp fails map lookup

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>,
	Brian Davidson <davidson.brian@gmail.com>,
	netfilter@vger.kernel.org
Subject: Re: ip6 dscp fails map lookup
Date: Sun, 5 Nov 2023 18:41:39 +0100	[thread overview]
Message-ID: <20231105174139.GA3861@breakpoint.cc> (raw)
In-Reply-To: <ZUfNomFiLekkhB+P@calendula>

Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > >  	if (shift) {
> > > -		if (ctx->stmt_len > 0 && div_round_up(masklen, BITS_PER_BYTE) > 1) {
> > > +		if (masklen > BITS_PER_BYTE) {
> > 
> > I think this is right but binop xfer
> > won't remove the inserted byteorder conversion
> > in case the shift is to be removed by adjusting
> > a constant right hand side value.
> 
> ctx->stmt_len > 0 is also set from stmt_evaluate_{ct,meta}() so this
> transformation is restricted to statements.
> 
> I was conservative edecd58755a8 with ("evaluate: support shifts larger than
> the width of the left operand") to restrict this transformation to
> statements only.
> 
> Do you think think this applies to other cases too?
> 
> BTW, whatever the final fix is, Fixes: tag for this should be:
> 
> Fixes: 668c18f67203 ("evaluate: place byteorder conversion before rshift in payload statement")

I don't think this is a regression, I do not think it has worked before.

table ip6 t {
	map mapv6 {
		typeof ip6 dscp : meta mark
		elements = { cs1 : 0x0000002a }
	}

	chain output {
		type filter hook output priority filter; policy accept;
		meta mark set ip6 dscp map @mapv6
		meta mark 0x0000002a counter
		ip6 dscp @mapv6 counter
		ip6 dscp cs1 counter
	}
}

A "ping6 -q -Q 0x20 ::1 -c1" should cause all counters
in above ruleset to increment, but that is not the case.

Even before above commit.

next prev parent reply	other threads:[~2023-11-05 17:41 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-03 16:18 ip6 dscp fails map lookup Brian Davidson
2023-11-03 19:37 ` Florian Westphal
2023-11-03 21:59   ` Florian Westphal
2023-11-05 17:15     ` Pablo Neira Ayuso
2023-11-05 17:41       ` Florian Westphal [this message]
2023-11-05 17:58         ` Pablo Neira Ayuso
2023-11-05 21:33         ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231105174139.GA3861@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=davidson.brian@gmail.com \
    --cc=netfilter@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox