lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 15 Aug 2012 21:42:03 +0800
From:	Jason Wang <jasowang@...hat.com>
To:	jhs@...atatu.com
CC:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	davem@...emloft.net
Subject: Re: [PATCH] act_mirred: do not drop packets when fails to mirror
 it

On 08/15/2012 08:35 PM, Jamal Hadi Salim wrote:
> On Wed, 2012-08-15 at 17:37 +0800, Jason Wang wrote:
>> We drop packet unconditionally when we fail to mirror it. This is not intended
>> in some cases.
> Hi Jason,
> Did you actually notice the behavior you described or were you going by
> the XXX comment I had in the code?
>
> cheers,
> jamal
Hi Jamal:

I met it actually through the following steps:

- start a kvm guest with tap and make it to be an interface of the bridge
- mirror the ingress traffic of the bridge to the tap
- terminate the qemu process, the tap device is then removed
- all packet goes to bridge would be dropped, so the network of guests 
in the same bridge would be broken

It's hard for the management to forcast the termination of the porcess 
and clean the mirroring before. The realistic way is to remove the 
mirroring after the termination of the process. So, if we drop the 
packets when the mirred device (tap) is removed, in the gap between the 
qemu termitnaion and disabling mirroring, the bridge ( and other VMs 
using the it) would not recevie any packet.

>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists