Date:   Tue, 20 Nov 2018 08:39:12 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     David Miller <davem@...emloft.net>
Cc:     pablo@...filter.org, netdev@...r.kernel.org,
        thomas.lendacky@....com, f.fainelli@...il.com,
        ariel.elior@...ium.com, michael.chan@...adcom.com,
        santosh@...lsio.com, madalin.bucur@....com,
        yisen.zhuang@...wei.com, salil.mehta@...wei.com,
        jeffrey.t.kirsher@...el.com, tariqt@...lanox.com,
        saeedm@...lanox.com, jiri@...lanox.com, idosch@...lanox.com,
        jakub.kicinski@...ronome.com, peppe.cavallaro@...com,
        grygorii.strashko@...com, andrew@...n.ch,
        vivien.didelot@...oirfairelinux.com, alexandre.torgue@...com,
        joabreu@...opsys.com, linux-net-drivers@...arflare.com,
        ganeshgr@...lsio.com, ogerlitz@...lanox.com
Subject: Re: [PATCH 00/12 net-next,v2] add flow_rule infrastructure

Mon, Nov 19, 2018 at 09:12:29PM CET, davem@...emloft.net wrote:
>From: Pablo Neira Ayuso <pablo@...filter.org>
>Date: Mon, 19 Nov 2018 01:15:07 +0100
>
>> This patchset introduces a kernel intermediate representation (IR) to
>> express ACL hardware offloads, as already described in previous RFC and
>> v1 patchset [1] [2]. The idea is to normalize the frontend U/APIs to use
>> the flow dissectors and the flow actions so drivers can reuse the
>> existing TC offload driver codebase - that has been converted to use the
>> flow_rule infrastructure.
>
>I'm going to bring up the elephant in the room.
>
>I think the real motivation here is to offload netfilter rules to HW,
>and you should be completely honest about that.

Sure, but this patchset is mainly about making the parsing code in
drivers common no matter from where the "flow rule" comes. If later on
the netfilter code will use it, through another ndo/notifier/whatever,
that is a nice side-effect in my opinion.
