| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jul 2016 09:56:02 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Daniel Borkmann <daniel@...earbox.net>, Alexei Starovoitov <alexei.starovoitov@...il.com> Cc: davem@...emloft.net, netdev@...r.kernel.org, xiyou.wangcong@...il.com, nikolay@...ulusnetworks.com Subject: Re: [PATCH net-next 1/1] net_sched: Introduce skbmod action On 16-07-19 09:21 AM, Daniel Borkmann wrote: > True, the 32 bit chunks are more generic and as such you need to put more > effort in user space to handle them, but at the same time gain more > flexibility > w/o having to have a module for each and every proto. I dont see anything wrong with using pedit as a first step; even if you did what Cong said he would do _i wont use it_ given the choice against skbmod. I think we are going in circles now in this discussion. You probably didnt mean to say module per protocol above since we only have one action module [no different than what ebtables or openvswitch does. It may have more justifiable extensions in the future]. > But apart from this, > neither pedit nor tcf_skbmod_run() here handle checksum complete, so you'll > potentially get false positives wrt csum corruption and drops as a result > when using either of the two. > pedit maybe tricky. Any suggestions? On tcf_skbmod_run, mostly ignorance: while doing only ethernet updates; is it still needed to do the checksum complete? cheers, jamal
Powered by blists - more mailing lists