LARTC - Dec 2001 - Two u32 problems: module count and fw

Hi All,
	I found 2 unusual behavior with u32 classifier in Kernel 2.4.12. I’ve u32
compiled as module.
1> u32 filter seems not working if there is already some fw filter used for
some other class. In order to get u32 working I’ve to delete root class,
which in terms delete all fw filters too, and then same command for u32
works. fw is also compiled as module.

2> If I add u32 filter to my classid then it increase module-count, which I
can see in "lsmod". I know this is normal behavior. But if I attach
more u32
filter in same classid it doesn’t increase module-count more. Is this normal
behaviour?
	Also I observed that if I create one more class and if I attach one u32
filter then also module use count remains same.
	Does it mean that u32 used count increase once per device? Because if I
implement shaper class on other device then it increase used count by one.
	Following is implementation specific command line:
# /sbin/tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt
1000 cell 8
# /sbin/tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit
\
rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth0 parent 10:1 classid 10:010 cbq bandwidth
100Mbit  \
rate 96Kbit allot 1514 cell 8 weight 10Kbit prio 5 maxburst 20 avpkt 1000
bounded
# /sbin/tc qdisc add dev eth0 parent 10:010 red max 12288 min 1500 limit
12288  avpkt 1000 burst 20
# /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip
tos 0x10 0xff flowid 10:010
# /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip
dst 192.9.203.57 flowid 10:010

	Though u32 is used twich here I can get only one refrence count in “lsmod”
# lsmod
Module                  Size  Used by
cls_u32                 4944   1  (autoclean)
sch_red                 2464   1  (autoclean)

	Now if I create one more class on same device(eth0) and use u32 filter to
classifiy my traffic then also this count remains same(Isn’t surprising?)

# /sbin/tc class add dev eth0 parent 10:0 classid 10:2 cbq bandwidth 100Mbit
\
rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth0 parent 10:2 classid 10:020 cbq bandwidth
100Mbit  \
rate 96Kbit allot 1514 cell 8 weight 10Kbit prio 5 maxburst 20 avpkt 1000
bounded
# /sbin/tc qdisc add dev eth0 parent 10:020 red max 12288 min 1500 limit
12288  \
avpkt 1000 burst 20
# /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip
\
tos 0x10 0xff flowid 10:020

# lsmod
Module                  Size  Used by
cls_u32                 4944   1  (autoclean)
sch_red                 2464   2  (autoclean)

	If I do same process on second device (eth1) then first time it increase
module count by one so now total used count shown is 2. Subsequent u32 usage
does not increase this use count.

	Thanks for any URL on patch of this problem or description of this
behavior.

-- Sumit

On Mon, Dec 24, 2001 at 05:53:16PM +0530, Sumit Pandya
wrote:
> Hi All,
> 	I found 2 unusual behavior with u32 classifier in Kernel 2.4.12. I’ve u32
> compiled as module.
> 1> u32 filter seems not working if there is already some fw filter used
for
> some other class. In order to get u32 working I’ve to delete root class,
> which in terms delete all fw filters too, and then same command for u32
> works. fw is also compiled as module.
Can you write an ''exploit script'' that shows this behaviour?
This will help
attracting the attention of the relevant people.
> 2> If I add u32 filter to my classid then it increase module-count,
which I
> can see in "lsmod". I know this is normal behavior. But if I
attach more u32
> filter in same classid it doesn’t increase module-count more. Is this
normal
> behaviour?
Yes. Usage count is the amount of other modules depending on u32.
> 	If I do same process on second device (eth1) then first time it increase
> module count by one so now total used count shown is 2. Subsequent u32
usage
> does not increase this use count.
Does it cause problems?

If you have the exploit script ready, we can do more.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc

Hi Bert and All,
>> Can you write an ''exploit script'' that shows this
behaviour? This will
help
attracting the attention of the relevant people.

	Where you need scripting? In same post I did also written command line in
sequence which I followed. Okay following is process to simulate problem at
your end.
	Compile cls_fw "Firewall based classifier" and, cls_u32 "U32
classifier" as
module. Now just use following sequence of tc-commands
# Traffic Shapper Registration
/sbin/tc qdisc add dev eth0 root handle 10: cbq bandwidth 100mbps avpkt 1000
cell 8
# The queue discipline on this shaper would be CBQ
/sbin/tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100mbps
rate 100mbps \
allot 1514 cell 8 weight 10mb prio 8 maxburst 20 avpkt 1000
#---------------            Trafic 1     --------------
# 192.168.1.210 is Special server I''m using u32 classifier for this
machine
/sbin/tc class add dev eth0 parent 10:1 classid 10:2000 cbq bandwidth
100mbps rate 512kbit \
allot 1514 cell 8 weight 50kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc qdisc add dev eth0 parent 10:2000 red max 64000 min 1500 limit 64kb
avpkt 1000 burst 20
/sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match \
ip dst 192.168.1.210 flowid 10:2000 order 2048
#---------------            Trafic 2     --------------
# Remaing traffic will be marked with "2" and will be scheduled in
common
trafic
/sbin/tc class add dev eth0 parent 10:1 classid 10:2100 cbq bandwidth
100mbps rate 512kbit allot 1514 cell 8 weight 50kbit prio 5 maxburst 20
avpkt 1000 bounded
/sbin/tc qdisc add dev eth0 parent 10:2100 red max 64000 min 1500 limit 64kb
avpkt 1000 burst 20
/sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 handle 2 fw
classid 10:2100

	Now here outcome of last command is an error message "RTNETLINK answers:
Invalid argument"
	Please don''t screw your head in finding arguments to command line.
Why? Coz
if I reverse this sequence of command execution for Trafic 2 and then trafic
1, even in that case last command from the command-bunch of Traffic 1, i.e.
for u32, gives me same error "RTNETLINK answers: Invalid argument". I
observe that if I can use either fw or u32 classifier coz if I try to shape
traffic with same classifier it accepts and do its intended operation.
>>>  If I add u32 filter to my classid then it increase module-count,
which
I can see in "lsmod". I know this is normal behavior. But if I attach
more
u32 filter in same classid it doesn’t increase module-count more. Is this
normal behaviour?
>> Yes. Usage count is the amount of other modules depending on u32.
	Is there any modules which depend on cls_u32 or cls_fw? Or you mean to say
something else here? What I''s mean to say is usage count for both
clas_u32
and cls_fw is increased only once per device (eth0, eth1, ...) not once per
used. So even though I use u32 classifier on with different classid on same
device its usage count remains same in "lsmod" command. But if I use
this
u32 classifier (only first time) then usage count increased by one. Ya its
okay but why it doesn''t increased in subsequent use on other classid
but
same device.
>>> 	If I do same process on second device (eth1) then first time it
increase module count by one so now total used count shown is 2. Subsequent
u32 usage does not increase this use count.
>> Does it cause problems?
	Not any problem sofar its just an anixity to dig into this...

-- Sumit