Open Source and information security mailing list archives
 
Date:	Wed, 18 Aug 2010 20:42:00 +0800
From:	Changli Gao <xiaosuo@...il.com>
To:	hadi@...erus.ca
Cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH 5/8] net_sched: cls_flow: use proto_ports_offset() to
 support AH message

On Wed, Aug 18, 2010 at 7:02 PM, jamal <hadi@...erus.ca> wrote:
> On Wed, 2010-08-18 at 13:05 +0800, Changli Gao wrote:
>
>> -static int has_ports(u8 protocol)
>> -{
>> -     switch (protocol) {
>> -     case IPPROTO_TCP:
>> -     case IPPROTO_UDP:
>> -     case IPPROTO_UDPLITE:
>> -     case IPPROTO_SCTP:
>> -     case IPPROTO_DCCP:
>> -     case IPPROTO_ESP:
>> -             return 1;
>> -     default:
>> -             return 0;
>> -     }
>> -}
>> -
>>  static u32 flow_get_proto_src(struct sk_buff *skb)
>>  {
>>       switch (skb->protocol) {
>>       case htons(ETH_P_IP): {
>>               struct iphdr *iph;
>> +             int poff;
>>
>>               if (!pskb_network_may_pull(skb, sizeof(*iph)))
>>                       break;
>>               iph = ip_hdr(skb);
>> -             if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
>> -                 has_ports(iph->protocol) &&
>> -                 pskb_network_may_pull(skb, iph->ihl * 4 + 2))
>> -                     return ntohs(*(__be16 *)((void *)iph + iph->ihl * 4));
>> +             if (iph->frag_off & htons(IP_MF|IP_OFFSET))
>> +                     break;
>> +             poff = proto_ports_offset(iph->protocol);
>> +             if (poff >= 0 &&
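Review bot: In flow_get_proto_src(), the pull check that follows `poff >= 0 &&` has to cover iph->ihl * 4 + 2 + poff bytes, because the removed line only guaranteed iph->ihl * 4 + 2 before the 16-bit read; the quote is cut off at that point, so confirm the bound and the read both add poff. Replacing has_ports() with `poff >= 0` also widens the set of protocols that get hashed, since the removed has_ports() list has no case for AH; state that in the changelog and in a short comment at the call site so the behaviour change is deliberate and visible.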
>
>
> I don't think this maintains the same semantic. Ex: In the original code
> AH returns 0. In your case it returns 4 and passes the above test.
> Same with the other spot.
>

I suppose we want to spread the traffic as much as we can. For
ESP, we use the SPI as a key. And I think we can also use SPI in the
AH header as a key. It does change the semantic slightly for AH, but it
should not hurt, as the only effect is that the AH traffic is
distributed into different flows according to their different SPI.

-- 
Regards,
Changli Gao(xiaosuo@...il.com)
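The bounded read that the SPI-as-key argument above depends on, as an added userspace example (not code from the patch or from the kernel). The names `ports_offset`, `flow_key16` and `sample_key` and the packet bytes are constructed for illustration; the offsets 0 for ESP and 4 for AH are the ones discussed in the thread.

```c
#include <stddef.h>
#include <stdint.h>

enum { P_TCP = 6, P_UDP = 17, P_DCCP = 33, P_ESP = 50, P_AH = 51,
       P_SCTP = 132, P_UDPLITE = 136 };        /* IANA protocol numbers */

/* Offset of the ports (or SPI) inside the transport header, -1 if none. */
static int ports_offset(uint8_t proto)
{
    switch (proto) {
    case P_TCP: case P_UDP: case P_DCCP: case P_ESP: case P_SCTP:
    case P_UDPLITE:
        return 0;           /* ports, or the ESP SPI, come first */
    case P_AH:
        return 4;           /* next hdr, len, reserved(2), then SPI */
    default:
        return -1;
    }
}

/* First 16 bits at the key offset of an IPv4 packet. Returns 0 and sets
 * *key, or -1 for fragments, keyless protocols and short packets. */
static int flow_key16(const uint8_t *pkt, size_t len, uint16_t *key)
{
    size_t ihl;
    int poff;

    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (((pkt[6] << 8) | pkt[7]) & 0x3fff)     /* IP_MF | IP_OFFSET */
        return -1;
    poff = ports_offset(pkt[9]);
    if (poff < 0 || len < ihl + (size_t)poff + 2)
        return -1;          /* bound includes poff, not just ihl + 2 */
    *key = (uint16_t)((pkt[ihl + poff] << 8) | pkt[ihl + poff + 1]);
    return 0;
}

/* Constructed sample: IPv4 header (protocol 51) + first 8 bytes of AH,
 * SPI 0x12345678. */
static const uint8_t sample_ah[28] = {
    0x45, 0, 0, 28, 0, 0, 0, 0, 64, P_AH, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    P_TCP, 4, 0, 0, 0x12, 0x34, 0x56, 0x78 };

/* Key for the first len bytes of the sample, or -1 when rejected. */
static long sample_key(size_t len)
{
    uint16_t k;
    return flow_key16(sample_ah, len, &k) ? -1 : (long)k;
}
```

A 22-byte capture of the sample would satisfy a bound of ihl + 2 yet ends before the SPI, which is why the length check has to include the offset.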