lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 22 Jul 2013 22:40:35 +0200
From:	Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:	Fan Du <fan.du@...driver.com>
CC:	David Miller <davem@...emloft.net>,
	Steffen Klassert <steffen.klassert@...unet.com>,
	kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, jmorris@...ei.org,
	netdev@...r.kernel.org
Subject: Re: [RFC PATCH net-next] net: split rt_genid for ipv4 and ipv6

Le 22/07/2013 07:43, Fan Du a écrit :
> Adding IPsec and other IPv4/IPv6 maintainers in the list.
>
> On 2013年07月19日 17:33, David Miller wrote:
>> From: Fan Du<fan.du@...driver.com>
>> Date: Fri, 19 Jul 2013 15:50:20 +0800
>>
>>> The original commit is targeted for XFRM policy inserting/removing,
>>> but it uses net genid shared by both IPv4 and IPv6, the side effect is
>>> add/delete IPv4 address will invalidate IPv6 dst in all.
>>>
>>> We *do* need to bump genid when add/delete IPv6 address in scenario I
>>> described here: http://www.spinics.net/lists/netdev/msg243398.html,
>>> but definitely not from add/delete IPv4 address. Moreover test shows
>>> that DCCP still push thousands of packets on wire after delete its
>>> IPv6
>>> address in the same scenario I describe before.
>>>
>>> The impulse to bump genid for IPv6 is much more stronger after this
>>> commit even do it unintentionally.
>>
>> If you really think it will help, and it will still handle the IPSEC
>> case, you can make a seperate genid for ipv4 and ipv6 but that might not
>> work out so cleanly.
>>
>
> At least let me give it a try. Any comments would be truly welcome.
>
>
>  From c79215d64038d62340d77c6ac070d8bb479b2f89 Mon Sep 17 00:00:00 2001
> From: Fan Du <fan.du@...driver.com>
> Date: Mon, 22 Jul 2013 11:31:56 +0800
> Subject: [RFC PATCH net-next] net: split rt_genid for ipv4 and ipv6
>
> Current net name space has only one genid for both IPv4 and IPv6, it has below
> drawbacks:
>
> - Add/delete an IPv4 address will invalidate all IPv6 routing table entries.
> - Insert/remove XFRM policy will also invalidate both IPv4/IPv6 routing table
> entries
>    even when the policy is only applied for one address family.
>
> Thus, this patch attempt to split one genid for two to cater for IPv4 and IPv6
> separately
> in a fine granularity.
>
> Signed-off-by: Fan Du <fan.du@...driver.com>
> ---
>   include/net/net_namespace.h |   33 ++++++++++++++++++++++++++++-----
>   net/ipv4/route.c            |   16 ++++++++--------
>   net/ipv6/af_inet6.c         |    1 +
>   net/ipv6/route.c            |    4 ++--
>   net/xfrm/xfrm_policy.c      |    8 +++++++-
>   5 files changed, 46 insertions(+), 16 deletions(-)
>
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index 84e37b1..a08e312 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -119,8 +119,11 @@ struct net {
>       struct netns_ipvs    *ipvs;
>   #endif
>       struct sock        *diag_nlsk;
> -    atomic_t        rt_genid;
>       atomic_t        fnhe_genid;
> +    atomic_t                rt_genid_ipv4;
> +#if IS_ENABLED(CONFIG_IPV6)
> +    atomic_t                rt_genid_ipv6;
> +#endif
>   };
Why not putting these new fields in 'struct netns_ipv4' and 'struct netns_ipv6'?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ