| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Jan 2015 18:13:35 +0000 From: Thomas Graf <tgraf@...g.ch> To: Tom Herbert <therbert@...gle.com> Cc: David Miller <davem@...emloft.net>, Linux Netdev List <netdev@...r.kernel.org> Subject: Re: [PATCH net-next 2/2] vxlan: Eliminate dependency on UDP socket in transmit path On 01/20/15 at 09:29am, Tom Herbert wrote: > I didn't see any reason to preclude that, if it needs to be symmetric > in that case it can be forced at the configuration. Being able to > receive RCO but not have to send it to certain peers is important use > case. You may want to consider this also for GBP if there are cases > where we accept GBP from different peers, but only send it to certain > ones. I think asymmetric configurations are fine, in particular receive-only. I was reluctant to the send-only scenario initially as I would expect a VTEP sending RCO frames on UDP dport 8472 to also always be able to accept RCO frames on that port. I can't come up with any specific cases where this would lead to problems though so I have no objections. As for GBP, as processing of the policy group requires additional iptables or OVS rules anyway, such behaviour would be implemented in those rules by either ignoring the mark or dropping such frames. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists