Date:   Tue, 17 Jul 2018 05:06:34 -0700
From:   dsahern@...nel.org
To:     netdev@...r.kernel.org
Cc:     nikita.leshchenko@...cle.com, roopa@...ulusnetworks.com,
        stephen@...workplumber.org, idosch@...lanox.com, jiri@...lanox.com,
        saeedm@...lanox.com, alex.aring@...il.com,
        linux-wpan@...r.kernel.org, netfilter-devel@...r.kernel.org,
        linux-kernel@...r.kernel.org, David Ahern <dsahern@...il.com>
Subject: [PATCH RFC/RFT net-next 00/17] net: Convert neighbor tables to per-namespace

From: David Ahern <dsahern@...il.com>

Nikita Leshenko reported that neighbor entries in one namespace can
evict neighbor entries in another. The problem is that the neighbor
tables have entries across all namespaces without separate accounting
and with global limits on when to scan for entries to evict.

Resolve by making the neighbor tables for ipv4, ipv6 and decnet per
namespace and making the accounting and threshold limits per namespace.

David Ahern (17):
  net/ipv4: rename ipv4_neigh_lookup to ipv4_dst_neigh_lookup
  net/neigh: export neigh_find_table
  net/ipv4: wrappers for arp table references
  net/ipv4: Remove open coded use of arp table
  net/ipv6: wrappers for neighbor table references
  net/ipv6: Remove open coded use of neighbor table
  drivers/net: remove open coding of neighbor tables
  net: Remove nd_tbl from ipv6 stub
  net: Remove arp_tbl and nd_tbl from headers
  net: Add key_len to neighbor constructor
  net: Change neigh_table_init and neigh_table_clear signature
  net/neigh: Change neigh_xmit to take an address family
  net/neighbor: Convert internal functions away from neigh_tables
  net/ipv4: Convert arp table to per namespace
  net/ipv6: Convert neighbor table to per-namespace
  net/decnet: Move neighbor table to per-namespace
  net/neighbor: Remove neigh_tables and NEIGH enum

 drivers/infiniband/ulp/ipoib/ipoib_main.c          |  14 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c   |  35 ++---
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c    |  11 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |  27 ++--
 .../net/ethernet/mellanox/mlxsw/spectrum_span.c    |   8 +-
 .../ethernet/netronome/nfp/flower/tunnel_conf.c    |   2 +-
 drivers/net/ethernet/rocker/rocker_main.c          |   4 +-
 drivers/net/ethernet/rocker/rocker_ofdpa.c         |   2 +-
 drivers/net/vrf.c                                  |   4 +-
 drivers/net/vxlan.c                                |  10 +-
 include/net/addrconf.h                             |   1 -
 include/net/arp.h                                  |  25 +++-
 include/net/ndisc.h                                |  75 +++++++++-
 include/net/neighbour.h                            |  17 +--
 include/net/net_namespace.h                        |   3 +
 include/net/netns/ipv4.h                           |   1 +
 include/net/netns/ipv6.h                           |   1 +
 net/atm/clip.c                                     |  14 +-
 net/bridge/br_arp_nd_proxy.c                       |   4 +-
 net/core/filter.c                                  |   3 +-
 net/core/neighbour.c                               | 115 +++++++++-----
 net/decnet/dn_neigh.c                              |   8 +-
 net/ieee802154/6lowpan/tx.c                        |   2 +-
 net/ipv4/arp.c                                     | 130 +++++++++-------
 net/ipv4/devinet.c                                 |   8 +-
 net/ipv4/fib_semantics.c                           |   2 +-
 net/ipv4/ip_output.c                               |   2 +-
 net/ipv4/route.c                                   |  12 +-
 net/ipv6/addrconf.c                                |  16 +-
 net/ipv6/af_inet6.c                                |   1 -
 net/ipv6/ip6_output.c                              |   4 +-
 net/ipv6/ndisc.c                                   | 165 +++++++++++----------
 net/ipv6/route.c                                   |  12 +-
 net/mpls/af_mpls.c                                 |  33 ++---
 net/mpls/mpls_iptunnel.c                           |   6 +-
 net/netfilter/nf_flow_table_ip.c                   |   4 +-
 net/netfilter/nft_fwd_netdev.c                     |   6 +-
 37 files changed, 467 insertions(+), 320 deletions(-)

-- 
2.11.0
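
The cross-namespace eviction described in the cover letter, shown as a simplified user-space model. This is an added example, not kernel code and not part of the patch series; the `LIMIT` value, the evict-oldest policy and all names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT 8   /* constructed stand-in for a table entry threshold */

struct entry { int used, ns, key; unsigned long stamp; };
struct table { struct entry e[LIMIT]; unsigned long clock; };

/* Add (ns, key). With the table at LIMIT, the oldest entry is evicted,
 * whichever namespace owns it: the accounting never looks at ns. */
static void tbl_add(struct table *t, int ns, int key)
{
    int slot = 0;
    for (int i = 0; i < LIMIT; i++) {
        if (!t->e[i].used) { slot = i; break; }          /* free slot wins */
        if (t->e[i].stamp < t->e[slot].stamp) slot = i;  /* else oldest */
    }
    t->e[slot] = (struct entry){ 1, ns, key, ++t->clock };
}

/* Number of entries in the table owned by namespace ns. */
static int tbl_count(const struct table *t, int ns)
{
    int n = 0;
    for (int i = 0; i < LIMIT; i++)
        n += t->e[i].used && t->e[i].ns == ns;
    return n;
}

/* ns 0 learns 3 neighbors, then ns 1 learns 100. Returns how many of
 * ns 0's entries are left. per_ns=0: one shared table; 1: one table each. */
static int quiet_ns_survivors(int per_ns)
{
    struct table tbl[2];
    memset(tbl, 0, sizeof(tbl));
    struct table *quiet = &tbl[0], *busy = per_ns ? &tbl[1] : &tbl[0];

    for (int k = 0; k < 3; k++)   tbl_add(quiet, 0, k);
    for (int k = 0; k < 100; k++) tbl_add(busy, 1, k);
    return tbl_count(quiet, 0);
}

int main(void)
{
    printf("shared table:        %d of 3 entries survive\n", quiet_ns_survivors(0));
    printf("per-namespace table: %d of 3 entries survive\n", quiet_ns_survivors(1));
    return 0;
}
```

With one shared table the busy namespace pushes out every entry of the quiet one; with a table and limit per namespace the quiet namespace keeps all three.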
