Date:	Tue, 1 May 2012 00:22:30 +0200
From:	Antonio Quartulli <ordex@...istici.org>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, b.a.t.m.a.n@...ts.open-mesh.org
Subject: Re: [PATCH 06/15] batman-adv: Distributed ARP Table - add snooping
 functions for ARP messages

On Mon, Apr 30, 2012 at 01:05:55 -0400, David Miller wrote:
> From: Antonio Quartulli <ordex@...istici.org>
> Date: Sun, 29 Apr 2012 10:57:38 +0200
> 
> > In case of an ARP message going in or out the soft_iface, it is intercepted and
> > a special action is performed. In particular the DHT helper functions previously
> > implemented are used to store all the ARP entries belonging to the network in
> > order to provide a fast and unicast lookup instead of the classic broadcast
> > flooding mechanism.
> > Each node stores the entries it is responsible for (following the DHT rules) in
> > its soft_iface ARP table. This makes it possible to reuse the kernel data
> > structures and functions for ARP management.
> > 
> > Signed-off-by: Antonio Quartulli <ordex@...istici.org>
> 
> Sorry, I'm not letting subsystems outside of net/ipv4/arp.c and related
> code make changes to the ARP table.
> 
> I plan to make major surgery to the way neighbour table entries are
> handled and therefore the less people who get their grubby paws
> directly in there, the better.
> 
> Find a way to propagate the ARP packet into the proper ARP receive
> path to cause the state update to occur, I'm not letting you trigger
> it by hand in the batman-adv code.
> 
> Sorry.


Hello David,

I perfectly understand. We did it that way because we thought that we could use
the exported API.

At this point, in my honest opinion, it is better to postpone this new feature
for a later pull request.

However this patch also contains a procedure which queries the neigh table in
order to understand whether a given host is known or not.
Would it be possible to do that in another way (without manually touching the
table)?

Instead, in the next patch (patch 06/15) batman-adv manually increases the neigh
timeouts. Do you think we should avoid doing that as well? If we are allowed to
do that, how can we perform the same operation in a cleaner way?

Last question: why can't other modules use exported functions? Are you going to
change them as well?


Thank you very much,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara
