lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Jan 2024 18:33:43 -0800
From: Eyal Birger <eyal.birger@...il.com>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org, 
	Florian Westphal <fw@...len.de>, victor@...atatu.com
Subject: Re: [PATCH iproute2-next v2] remove support for iptables action

Hi,

On Thu, Jan 4, 2024 at 8:15 AM Jamal Hadi Salim <jhs@...atatu.com> wrote:
>
> On Thu, Jan 4, 2024 at 10:25 AM Jakub Kicinski <kuba@...nel.org> wrote:
> >
> > On Wed, 27 Dec 2023 12:25:24 -0500 Jamal Hadi Salim wrote:
> > > On Tue, Dec 26, 2023 at 1:25 PM Stephen Hemminger
> > > <stephen@...workplumber.org> wrote:
> > > >
> > > > There is an open upstream kernel patch to remove ipt action from
> > > > kernel. This is corresponding iproute2 change.
> > > >
> > > >  - Remove support fot ipt and xt in tc.
> > > >  - Remove no longer used header files.
> > > >  - Update man pages.
> > > >
> > > > Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
> > >
> > > Does em_ipt need the m_xt*.c? Florian/Eyal can comment. Otherwise,
> > > Reviewed-by: Jamal Hadi Salim <jhs@...atatu.com>
> >
> > Damn, I was waiting for Eyal to comment but you didn't CC
> > either him or Florian 😆️
> >
> > Eyal, would it be possible for you to test if the latest
> > net-next and iproute2 with this patch works for you?
>
> Sorry bout that. Also Florian (who wrote the code).

I tested and it looks like the patch doesn't affect em_ipt, as expected.

I did however run into a related issue while testing - seems that
using the old "ingress" qdisc - that em_ipt iproute2 code still uses -
isn't working, i.e:

$ tc qdisc add dev ipsec1 ingress
Error: Egress block dev insert failed.

This seems to originate from recent commit 913b47d3424e
("net/sched: Introduce tc block netdev tracking infra").

When I disabled that code in my build I was able to use em_ipt
as expected.
Eyal.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ