Date:	Tue, 7 May 2013 16:17:40 +0200
From:	Antonio Quartulli <antonio@...n-mesh.com>
To:	Jamal Hadi Salim <jhs@...atatu.com>
CC:	"David S. Miller" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Using skb->mark outside netfilter

On Tue, May 07, 2013 at 06:30:04 -0700, Jamal Hadi Salim wrote:
> On 13-05-07 09:23 AM, Antonio Quartulli wrote:
> 
> > The mark is not really encoded in the batman header.
> >
> > Each node is configured with a mark value (the values have to be the same on
> > every node in order to make the mechanism work correctly), then batman-adv will
> > advertise to the rest of the mesh which host is sending marked packets.
> >
> [..]
> > Receiving nodes will then restore the mark in the skb each time it is coming from
> > one of those advertised hosts.
> >
> 
> I see - so some control "protocol" will be used to advertise the mark
> and which host will use such a mark? Or are you saying some admin is
> going around and configuring 100 batman nodes? ;->

The mark is locally configured. So no control protocol that advertises it.
It will be a new config option of batman-adv, like others that it already has.

What you are talking about is a common config problem in a mesh network:
whenever you have to change something you have to do it on each and every
node... we can't do anything about that :) Everybody uses his own solution for this.

However the mark is only important locally, because no matter what mark a node
will use, the important part is that batman-adv and tc are using the same (on
the same node).


By the way, we will soon have a userspace daemon (namely "alfred") which can be
used to spread "external" information over the mesh and this mark may be one of
them (if we really wanted to coordinate it, but it is not necessary as I
explained before).


> 
> Note: I have no freaking clue in regards to batman or its usage.
> 

no problem :)

> > A future feature may consist in carrying the mark directly into the header so
> > that batman-adv itself does not have to take care about the meaning of such
> > value but will just carry it (we still have to think about it...it is just an
> > idea now)
> >
> 
> I think that may be more interesting because it may allow you to use
> many different marks with many different meanings. It doesn't disqualify
> a control protocol advertising the mark.
> 

Yeah that would really be interesting.
Maybe we will implement it as soon as more use cases will pop up. Actually this
simple distributed access control is the only purpose we have in mind at the
moment :)

Thank you very much for your valuable feedback!

Cheers,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara
