lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Oct 2011 08:40:23 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Dan Siemon <dan@...erfire.com> Cc: netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] cls_flow: Add tunnel support to the flow classifier Le dimanche 16 octobre 2011 à 19:06 -0400, Dan Siemon a écrit : > When used on an interface carrying tunneled traffic the flow classifier > can't look into the tunnels so all of the traffic within the tunnel is > treated as a single flow. This does not allow any type of intelligent > queuing to occur. This patch adds new keys to the flow classifier which > look inside the tunnel. Presently IP-IP, IP-IPv6, IPv6-IPv6 and IPv6-IP > tunnels are supported. > > If you are interested I have posted some background and experimental > results at: > http://www.coverfire.com/archives/2011/10/16/making-the-linux-flow-classifier-tunnel-aware/ > > The related iproute2 patch can be found at the above URL as well. > > Signed-off-by: Dan Siemon <dan@...erfire.com> > Hi Dan You're adding a lot of code (omitting the diffstat :( ) for a specific usage, yet GRE tunnels are not supported. IPv6 part is also a bit limited : It assumes TCP/UDP headers are the first ones. Maybe its time to use ipv6_skip_exthdr() ? Note also that if we pull (with pskb_network_may_pull()) too many bytes, we kill routing performance on paged frags devices, wich are now becoming very common. Adding tunnel support and deep packet inspection might require the use of skb_header_pointer() wich does the copy of needed data without requiring expensive reallocation of skb head. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists