** Description changed: - The tc police burst option limits the size of the burst to to 4 GB, - i.e., UINT_MAX for a 32 bit unsigned int. However, the underlying - implementation of burst is computed as "time at the specified rate", and - for higher rates, a burst size exceeding 4 GB is feasible without - modification to the kernel + [Impact] + The tc police burst option limits the size of the burst up to 4 GiB, i.e., UINT_MAX for a 32 bit unsigned int. However, the underlying implementation of burst is computed as "time at the specified rate", and for higher rates, a burst size exceeding 4 GiB is feasible without modification to the kernel. + Conversely, there can be bursts smaller that 4 GiB that overflow the burst time calculation and that was not detected. + + [Test Plan] + All the following commands must be run as root. We are assuming the tested interface is eth0. + + Add fq_codel queuing discipline + + # tc qdisc add dev eth0 root fq_codel + + Check the assigned discipline number + + # tc -s qdisc show dev eth0 + qdisc fq_codel nnnn: root refcnt 13 limit ... + + Note the 4 digits nnnn number. + + 1) Tests before the patch is applied + + Try to set a filter wit a burst of exactly 4Gb at 10Gbit rate and see + that it fails: + + # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform-exceed reclassify + Error: argument "4294967296" is wrong: buffer + + Try to set a filter with a burst that is greater than the maximum time: + + # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed + reclassify + + Check if it was set correctly: + + # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 1Mbit burst 15261b mtu 64Kb [001d1bf8] peakrate 10Gbit action reclassify overhead 0b + + We can see a result with the overflowed buffer (burst is 15261b) + + 2) Tests after the patch is applied: + + Try to set a filter with a burst of exactly 4Gb at 10Gbit rate: + + # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform- + exceed reclassify + + We can check that it was set correctly (burst is 4Gb): + + # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 10Gbit burst 4Gb mtu 64Kb [03333334] peakrate 10Gbit action reclassify overhead 0b + + Remove the filter: + + # tc filter del dev eth0 protocol ip prio 1 parent nnnn: + + Try to set a filter with a burst that is greater than the maximum time: + + # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed + reclassify + + Check that if it was set correctly: + # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + POLICE: burst out of range + + We see that it is out of range + + [Where problems could occur] + Externally the only difference with the installed patch is that some commands that will previously overflow without errors will now fail. That might break some scripts but it can be argued that they were already broken before.
** Description changed: [Impact] The tc police burst option limits the size of the burst up to 4 GiB, i.e., UINT_MAX for a 32 bit unsigned int. However, the underlying implementation of burst is computed as "time at the specified rate", and for higher rates, a burst size exceeding 4 GiB is feasible without modification to the kernel. Conversely, there can be bursts smaller that 4 GiB that overflow the burst time calculation and that was not detected. [Test Plan] All the following commands must be run as root. We are assuming the tested interface is eth0. Add fq_codel queuing discipline # tc qdisc add dev eth0 root fq_codel Check the assigned discipline number # tc -s qdisc show dev eth0 qdisc fq_codel nnnn: root refcnt 13 limit ... Note the 4 digits nnnn number. 1) Tests before the patch is applied - Try to set a filter wit a burst of exactly 4Gb at 10Gbit rate and see + Try to set a filter with a burst of exactly 4Gb at 10Gbit rate and see that it fails: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform-exceed reclassify Error: argument "4294967296" is wrong: buffer Try to set a filter with a burst that is greater than the maximum time: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed reclassify Check if it was set correctly: # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 1Mbit burst 15261b mtu 64Kb [001d1bf8] peakrate 10Gbit action reclassify overhead 0b We can see a result with the overflowed buffer (burst is 15261b) 2) Tests after the patch is applied: Try to set a filter with a burst of exactly 4Gb at 10Gbit rate: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform- exceed reclassify We can check that it was set correctly (burst is 4Gb): # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw - filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 10Gbit burst 4Gb mtu 64Kb [03333334] peakrate 10Gbit action reclassify overhead 0b + filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 10Gbit burst 4Gb mtu 64Kb [03333334] peakrate 10Gbit action reclassify overhead 0b Remove the filter: # tc filter del dev eth0 protocol ip prio 1 parent nnnn: Try to set a filter with a burst that is greater than the maximum time: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed reclassify Check that if it was set correctly: # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw POLICE: burst out of range We see that it is out of range [Where problems could occur] Externally the only difference with the installed patch is that some commands that will previously overflow without errors will now fail. That might break some scripts but it can be argued that they were already broken before. ** Description changed: [Impact] The tc police burst option limits the size of the burst up to 4 GiB, i.e., UINT_MAX for a 32 bit unsigned int. However, the underlying implementation of burst is computed as "time at the specified rate", and for higher rates, a burst size exceeding 4 GiB is feasible without modification to the kernel. Conversely, there can be bursts smaller that 4 GiB that overflow the burst time calculation and that was not detected. [Test Plan] All the following commands must be run as root. We are assuming the tested interface is eth0. Add fq_codel queuing discipline # tc qdisc add dev eth0 root fq_codel Check the assigned discipline number # tc -s qdisc show dev eth0 qdisc fq_codel nnnn: root refcnt 13 limit ... - Note the 4 digits nnnn number. + Note the 4 digits nnnn number. It should be substituted for the nnnn + number in the rest of the following commands. 1) Tests before the patch is applied Try to set a filter with a burst of exactly 4Gb at 10Gbit rate and see that it fails: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform-exceed reclassify Error: argument "4294967296" is wrong: buffer Try to set a filter with a burst that is greater than the maximum time: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed reclassify Check if it was set correctly: # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 1Mbit burst 15261b mtu 64Kb [001d1bf8] peakrate 10Gbit action reclassify overhead 0b We can see a result with the overflowed buffer (burst is 15261b) 2) Tests after the patch is applied: Try to set a filter with a burst of exactly 4Gb at 10Gbit rate: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform- exceed reclassify We can check that it was set correctly (burst is 4Gb): # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 10Gbit burst 4Gb mtu 64Kb [03333334] peakrate 10Gbit action reclassify overhead 0b Remove the filter: # tc filter del dev eth0 protocol ip prio 1 parent nnnn: Try to set a filter with a burst that is greater than the maximum time: - # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw - police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed - reclassify - - Check that if it was set correctly: - # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw + # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed reclassify POLICE: burst out of range We see that it is out of range [Where problems could occur] Externally the only difference with the installed patch is that some commands that will previously overflow without errors will now fail. That might break some scripts but it can be argued that they were already broken before. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iproute2 in Ubuntu. https://bugs.launchpad.net/bugs/2125448 Title: Burst parameter of tc police only allows 4GB while the kernel can support much more Status in iproute2 package in Ubuntu: New Bug description: [Impact] The tc police burst option limits the size of the burst up to 4 GiB, i.e., UINT_MAX for a 32 bit unsigned int. However, the underlying implementation of burst is computed as "time at the specified rate", and for higher rates, a burst size exceeding 4 GiB is feasible without modification to the kernel. Conversely, there can be bursts smaller that 4 GiB that overflow the burst time calculation and that was not detected. [Test Plan] All the following commands must be run as root. We are assuming the tested interface is eth0. Add fq_codel queuing discipline # tc qdisc add dev eth0 root fq_codel Check the assigned discipline number # tc -s qdisc show dev eth0 qdisc fq_codel nnnn: root refcnt 13 limit ... Note the 4 digits nnnn number. It should be substituted for the nnnn number in the rest of the following commands. 1) Tests before the patch is applied Try to set a filter with a burst of exactly 4Gb at 10Gbit rate and see that it fails: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform-exceed reclassify Error: argument "4294967296" is wrong: buffer Try to set a filter with a burst that is greater than the maximum time: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform- exceed reclassify Check if it was set correctly: # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 1Mbit burst 15261b mtu 64Kb [001d1bf8] peakrate 10Gbit action reclassify overhead 0b We can see a result with the overflowed buffer (burst is 15261b) 2) Tests after the patch is applied: Try to set a filter with a burst of exactly 4Gb at 10Gbit rate: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 10Gbit peakrate 10Gbit burst 4294967296 mtu 64Kb conform- exceed reclassify We can check that it was set correctly (burst is 4Gb): # tc -raw filter get dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw filter parent nnnn: protocol ip pref 1 fw chain 0 handle 0x1 police 0x1 rate 10Gbit burst 4Gb mtu 64Kb [03333334] peakrate 10Gbit action reclassify overhead 0b Remove the filter: # tc filter del dev eth0 protocol ip prio 1 parent nnnn: Try to set a filter with a burst that is greater than the maximum time: # tc filter add dev eth0 protocol ip prio 1 parent nnnn: handle 1 fw police rate 1Mbit peakrate 10Gbit burst 34375000 mtu 64Kb conform-exceed reclassify POLICE: burst out of range We see that it is out of range [Where problems could occur] Externally the only difference with the installed patch is that some commands that will previously overflow without errors will now fail. That might break some scripts but it can be argued that they were already broken before. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/2125448/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
