Date:	Mon, 26 May 2008 13:23:18 -0700
From:	Ben Greear <greearb@...delatech.com>
To:	NetDev <netdev@...r.kernel.org>
Subject: Adding multiple multicast routing tables.

I am working on adding support for multiple multicast routing tables, and
would welcome some feedback if anyone has comments.

It looks like there are several globals currently.  I would plan to wrap those
in a 'mroute_table_entry' struct and have the global be a hash of these
routing tables.

Inside this table, I'd add a hash of vifs (no more max limit for vifs),
the mroute_socket for this table, and 32-bit vif_index (routing-table id).

In the ip_mroute_setsockopt, add a 32-bit table-id to all of the
optnames.  This will increase the optlen by 4 for all options,
so we can know it's the new API.  For MRT_INIT, could pass
in something like this, for instance:

struct foo {
  uint32 mrt_table_idx;
  uint32 mrt_version;
};

Or, use entirely new MRT_* sockopts so there is no chance
of confusion.  I plan to update xorp to support this API, so I can be
flexible on the API.

User space will need a way to detect the new API.  I could probably
just try to INIT with a larger optlen.  2.6.25 (and probably many previous
kernels) appears to error nicely if optlen != sizeof(int), so I can trigger
on that.

The mcast table ID would be associated directly with the 'regular' routing
table index, so if the mcast is table-id 4444, then any routes associated
with it should be added to the unicast routing table 4444.  Or, it could be
mapped, but I am not sure there is much benefit for that added complexity.

getsockopt and the ioctl would need similar changes to the setsockopt.

ip_mr_input looks interesting...not sure how to decide which mroute_socket
it uses...maybe it doesn't matter?

And, for things like pim_rcv*, might need some sort of table lookup to
map a skb->dev into a mroute table so that it can handle the reg_vif_num
thing.  To make this really fast, a new member could be added to struct netdev.

A netdev may belong to no more than one mcast routing table.  If someone
wants to share NICs, they can use something like mac-vlans to multiplex the
physical device.

Suggestions are welcome.

Thanks,
Ben

-- 
Ben Greear <greearb@...delatech.com> 
Candela Technologies Inc  http://www.candelatech.com
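
The optlen-based API detection described in the message above, as an added example that is not part of the original post and is not kernel code: a user-space model in which the extended struct is tried first and the legacy int is the fallback. The names mrt_init_v2, old_kernel_mrt_init, new_kernel_mrt_init and probe_mrt_api, the -EINVAL return value and the version number 1 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical extended MRT_INIT argument, after the struct sketched in the post. */
struct mrt_init_v2 { uint32_t mrt_table_idx; uint32_t mrt_version; };
enum { API_NONE, API_LEGACY, API_TABLES };
typedef int (*mrt_init_fn)(const void *optval, size_t optlen);

/* Model of an old kernel: only optlen == sizeof(int) is accepted.
 * The errno is an assumption; the post only says the call errors. */
static int old_kernel_mrt_init(const void *optval, size_t optlen)
{
    (void)optval;
    return optlen == sizeof(int) ? 0 : -EINVAL;
}

/* Model of a kernel with the proposed API: optlen selects the format. */
static int new_kernel_mrt_init(const void *optval, size_t optlen)
{
    struct mrt_init_v2 arg;

    if (optlen == sizeof(int))
        return 0;                      /* legacy caller, default table */
    if (optlen != sizeof(arg))
        return -EINVAL;                /* every other length is rejected */
    memcpy(&arg, optval, sizeof(arg)); /* copy once, then validate the copy */
    return arg.mrt_version == 1 ? 0 : -EINVAL; /* version 1 is assumed */
}

/* User-space probe: try the extended form first, then fall back. */
static int probe_mrt_api(mrt_init_fn init, uint32_t table)
{
    struct mrt_init_v2 arg = { .mrt_table_idx = table, .mrt_version = 1 };
    int legacy = 1;

    if (init(&arg, sizeof(arg)) == 0)
        return API_TABLES;
    if (init(&legacy, sizeof(legacy)) == 0)
        return API_LEGACY;
    return API_NONE;
}

int main(void)
{
    printf("old kernel: %d, new kernel: %d\n", probe_mrt_api(old_kernel_mrt_init, 4444),
           probe_mrt_api(new_kernel_mrt_init, 4444));
    return 0;
}
```

Length-based versioning only works if the handler accepts an exact set of lengths and rejects everything else, which is why the model checks both sizes explicitly before touching the buffer.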

