lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jun 2016 21:14:52 -0700 From: David Ahern <dsa@...ulusnetworks.com> To: netdev@...r.kernel.org Cc: David Ahern <dsa@...ulusnetworks.com> Subject: [PATCH net-next 0/2] net: vrf: Improve use of FIB rules Currently, VRFs require 1 oif and 1 iif rule per address family per VRF. As the number of VRF devices increases it brings scalability issues with the increasing rule list. All of the VRF rules have the same format with the exception of the specific table id to direct the lookup. Since the table id is available from the oif or iif in the loopup, the VRF rules can be consolidated to a single rule that pulls the table from the VRF device. This solution still allows a user to insert their own rules for VRFs, including rules with additional attributes. Accordingly, it is backwards compatible with existing setups and allows other policy routing as desired. David Ahern (2): net: Add l3mdev rule net: vrf: Add l3mdev rules on first device create drivers/net/vrf.c | 114 ++++++++++++++++++++++++++++++++++++++++- include/net/fib_rules.h | 24 ++++++++- include/net/l3mdev.h | 12 +++++ include/uapi/linux/fib_rules.h | 1 + net/core/fib_rules.c | 33 ++++++++++-- net/ipv4/fib_rules.c | 5 +- net/ipv6/fib6_rules.c | 5 +- net/l3mdev/l3mdev.c | 38 ++++++++++++++ 8 files changed, 220 insertions(+), 12 deletions(-) -- 2.1.4
Powered by blists - more mailing lists