Date: Thu, 13 Feb 2014 09:50:25 +0100
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Pravin Shelar <pshelar@...ira.com>
CC: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, "Templin, Fred L" <Fred.L.Templin@...ing.com>, Steffen Klassert <steffen.klassert@...unet.com>, Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: Re: [PATCH net] net: Clear local_df only if crossing namespace.

On 12/02/2014 18:05, Pravin Shelar wrote:
> On Wed, Feb 12, 2014 at 1:32 AM, Nicolas Dichtel
> <nicolas.dichtel@...nd.com> wrote:
>> On 12/02/2014 05:26, Pravin Shelar wrote:
>>
>>> On Mon, Feb 10, 2014 at 6:11 PM, Hannes Frederic Sowa
>>> <hannes@...essinduktion.org> wrote:
>>>>
>>>> On Mon, Feb 10, 2014 at 01:00:14PM -0800, Pravin Shelar wrote:
>>>>>
>>>>> On Fri, Feb 7, 2014 at 4:58 PM, Hannes Frederic Sowa
>>>>> <hannes@...essinduktion.org> wrote:
>>>>>>
>>>>>> May I know because of which vport, vxlan or gre, you did this change?
>>>>>>
>>>>> It affects both gre and vxlan.
>>>>
>>>> Ok, thanks.
>>>>
>>>>>> I am feeling a bit uncomfortable handling remote and local packets that
>>>>>> differently on lower tunnel output (local_df is mostly set on locally
>>>>>> originating packets).
>>>>>
>>>>> For ip traffic it makes sense to turn on local_df only for local
>>>>> traffic, since for remote case we can send icmp (frag-needed) back to
>>>>> source. No such thing exists for OVS tunnels. ICMP packets are not
>>>>> returned to source for the tunnels. That is why to be on safe side,
>>>>> local_df is turned on for tunnels in OVS.
>>>>
>>>> I have a proposal:
>>>>
>>>> I don't like it that much because of the many arguments. But I currently
>>>> don't see another easy solution. Maybe we should make bool xnet an enum
>>>> and test with bitops?
>>>>
>>>> I left the clearing of local_df in skb_scrub_packet as we need it for the
>>>> dev_forward_skb case and it should be done that in any case.
>>>>
>>>> This diff is slightly compile tested. ;)
>>>>
>>>> I can test and make proper submit if you agree.
>>>>
>>>> What do you think?
>>>>
>>>
>>> I am not sure why the caller can not just set skb->local_df before
>>> calling iptunnel_xmit() rather than passing extra arg to this
>>> function?
>>> There are not that many callers of this function.
>>
>> The benefit is that it ensures that future callers will think about this
>> point ;-)
>>
>
> But that adds extra test cases in fast path.
> For example OVS we can not reset skb->mark in skb_scrub_packet(). I am
> going to send patch for that too. Do you think I should add another
> argument for skb-mark clear too?

Maybe this will be the same argument as local_df: 'bool ovs' (probably
find a better name ;-))
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html