Message-ID: <20250315195910.17659-1-ericwouds@gmail.com>
Date: Sat, 15 Mar 2025 20:59:07 +0100
From: Eric Woudstra <ericwouds@...il.com>
To: Michal Ostrowski <mostrows@...thlink.net>,
	Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	Jozsef Kadlecsik <kadlec@...filter.org>,
	Simon Horman <horms@...nel.org>
Cc: netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org,
	linux-hardening@...r.kernel.org,
	Eric Woudstra <ericwouds@...il.com>
Subject: [PATCH v10 nf-next 0/3] Add nf_flow_encap_push() for xmit direct

To have the ability to handle xmit direct with outgoing encaps in the
bridge fastpath bypass, we need to be able to handle them without going
through vlan/pppoe devices.

So I've applied, amended and squashed wenxu's patch-set.

This patch also makes it possible to egress from vlan-filtering brlan to
lan0 with vlan tagged packets, if the bridge master port is doing the
vlan tagging, instead of a vlan-device, as seen in the figure below.
Without this patch, this is currently not possible in the
forward-fastpath.

         forward fastpath bypass
 .----------------------------------------.
/                                          \
|                        IP - forwarding    |
|                       /                \  v
|                      /                  wan ...
|                     /
|                     |
|                     |
|    +-------------------------------+
|    |          untagged             |
|    |             to                |
|    |           vlan 1              |
|    |                               |
|    |     brlan (vlan-filtering)    |
|    +---------------+               |
|    |  DSA-SWITCH   |               |
|    |               |    vlan 1     |
|    |               |      to       |
|    |   vlan 1      |   untagged    |
|    +---------------+---------------+
.         /                   \
 ------>lan0                 wlan1
        .
        .
        .
        .
        .
        ^
     vlan 1 tagged packets

Added patch to eliminate array of flexible structures warning.

Added patch to clean up structures.

Split from patch-set: bridge-fastpath and related improvements v9

Eric Woudstra (3):
  net: pppoe: avoid zero-length arrays in struct pppoe_hdr
  netfilter: nf_flow_table_offload: Add nf_flow_encap_push() for xmit
    direct
  netfilter: flow: remove hw_outdev, out.hw_ifindex and out.hw_ifidx

 drivers/net/ppp/pppoe.c               |  2 +-
 include/net/netfilter/nf_flow_table.h |  2 -
 include/uapi/linux/if_pppox.h         |  4 ++
 net/netfilter/nf_flow_table_core.c    |  1 -
 net/netfilter/nf_flow_table_ip.c      | 96 ++++++++++++++++++++++++++-
 net/netfilter/nf_flow_table_offload.c |  2 +-
 net/netfilter/nft_flow_offload.c      | 10 +--
 7 files changed, 102 insertions(+), 15 deletions(-)

-- 
2.47.1

