mirror of https://github.com/torvalds/linux.git
Follows up on:
https://lore.kernel.org/all/20220809170518.164662-1-cascardo@canonical.com/

handle of 0 implies from/to of universe realm which is not very sensible.

Let's see what this patch will do:
$sudo tc qdisc add dev $DEV root handle 1:0 prio

//let's manufacture a way to insert handle of 0
$sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 \
route to 0 from 0 classid 1:10 action ok

//gets rejected...
Error: handle of 0 is not valid.
We have an error talking to the kernel, -1

//let's create a legit entry..
sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 route from 10 \
classid 1:10 action ok

//what did the kernel insert?
$sudo tc filter ls dev $DEV parent 1:0
filter protocol ip pref 100 route chain 0
filter protocol ip pref 100 route chain 0 fh 0x000a8000 flowid 1:10 from 10
 action order 1: gact action pass
  random type none pass val 0
  index 1 ref 1 bind 1

//Let's try to replace that legit entry with a handle of 0
$ sudo tc filter replace dev $DEV parent 1:0 protocol ip prio 100 \
handle 0x000a8000 route to 0 from 0 classid 1:10 action drop

Error: Replacing with handle of 0 is invalid.
We have an error talking to the kernel, -1

And last, let's run Cascardo's POC:
$ ./poc
0 0 -22 -22 -22

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| act_api.c | ||
| act_bpf.c | ||
| act_connmark.c | ||
| act_csum.c | ||
| act_ct.c | ||
| act_ctinfo.c | ||
| act_gact.c | ||
| act_gate.c | ||
| act_ife.c | ||
| act_ipt.c | ||
| act_meta_mark.c | ||
| act_meta_skbprio.c | ||
| act_meta_skbtcindex.c | ||
| act_mirred.c | ||
| act_mpls.c | ||
| act_nat.c | ||
| act_pedit.c | ||
| act_police.c | ||
| act_sample.c | ||
| act_simple.c | ||
| act_skbedit.c | ||
| act_skbmod.c | ||
| act_tunnel_key.c | ||
| act_vlan.c | ||
| cls_api.c | ||
| cls_basic.c | ||
| cls_bpf.c | ||
| cls_cgroup.c | ||
| cls_flow.c | ||
| cls_flower.c | ||
| cls_fw.c | ||
| cls_matchall.c | ||
| cls_route.c | ||
| cls_rsvp.c | ||
| cls_rsvp.h | ||
| cls_rsvp6.c | ||
| cls_tcindex.c | ||
| cls_u32.c | ||
| em_canid.c | ||
| em_cmp.c | ||
| em_ipset.c | ||
| em_ipt.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_text.c | ||
| em_u32.c | ||
| ematch.c | ||
| sch_api.c | ||
| sch_atm.c | ||
| sch_blackhole.c | ||
| sch_cake.c | ||
| sch_cbq.c | ||
| sch_cbs.c | ||
| sch_choke.c | ||
| sch_codel.c | ||
| sch_drr.c | ||
| sch_dsmark.c | ||
| sch_etf.c | ||
| sch_ets.c | ||
| sch_fifo.c | ||
| sch_fq.c | ||
| sch_fq_codel.c | ||
| sch_fq_pie.c | ||
| sch_frag.c | ||
| sch_generic.c | ||
| sch_gred.c | ||
| sch_hfsc.c | ||
| sch_hhf.c | ||
| sch_htb.c | ||
| sch_ingress.c | ||
| sch_mq.c | ||
| sch_mqprio.c | ||
| sch_multiq.c | ||
| sch_netem.c | ||
| sch_pie.c | ||
| sch_plug.c | ||
| sch_prio.c | ||
| sch_qfq.c | ||
| sch_red.c | ||
| sch_sfb.c | ||
| sch_sfq.c | ||
| sch_skbprio.c | ||
| sch_taprio.c | ||
| sch_tbf.c | ||
| sch_teql.c | ||