lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 Oct 2010 20:14:12 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	Ben Hutchings <bhutchings@...arflare.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [RFC PATCH 1/7] ebtables: Allow filtering of hardware accelerated
 vlan frames.

On Mon, Oct 18, 2010 at 12:58 PM, Ben Hutchings
<bhutchings@...arflare.com> wrote:
> On Wed, 2010-10-13 at 13:02 -0700, Jesse Gross wrote:
>> An upcoming commit will allow packets with hardware vlan acceleration
>> information to be passed though more parts of the network stack, including
>> packets trunked through the bridge.  This adds support for matching and
>> filtering those packets through ebtables.
>>
>> Signed-off-by: Jesse Gross <jesse@...ira.com>
>> ---
>>  net/bridge/br_netfilter.c       |   16 +++++++++-------
>>  net/bridge/netfilter/ebt_vlan.c |   38 +++++++++++++++++++++++---------------
>>  net/bridge/netfilter/ebtables.c |   15 +++++++++++----
>>  3 files changed, 43 insertions(+), 26 deletions(-)
>>
>> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
>> index 7f9ce96..d6a4fec 100644
>> --- a/net/bridge/br_netfilter.c
>> +++ b/net/bridge/br_netfilter.c
>> @@ -64,22 +64,24 @@ static int brnf_filter_pppoe_tagged __read_mostly = 0;
>>
>>  static inline __be16 vlan_proto(const struct sk_buff *skb)
>>  {
>> -     return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
>> +     if (skb->protocol == htons(ETH_P_8021Q))
>> +             return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
>> +     else if (vlan_tx_tag_present(skb))
>> +             return skb->protocol;
>
> If there are two levels of VLAN-encapsulation, this will return either
> the inner or outer tag depending on whether VLAN acceleration is being
> used.  It should behave consistently.

Thanks, you're right.  I fixed it to always use the outer tag (same as
previous behavior).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ