| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Feb 2019 16:43:57 +0200
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To: nicolas.dichtel@...nd.com,
Callum Sinclair <callum.sinclair@...iedtelesis.co.nz>,
davem@...emloft.net, kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] ipmr: ip6mr: Create new sockopt to clear mfc
cache or vifs
On 08/02/2019 16:18, Nicolas Dichtel wrote:
> Le 08/02/2019 à 05:11, Callum Sinclair a écrit :
>> Currently the only way to clear the mfc cache was to delete the entries
> mfc stands for 'multicast forwarding cache', so 'mfc cache' is a bit strange.
>
>> one by one using the MRT_DEL_MFC socket option or to destroy and
>> recreate the socket.
> Note that if entries were added with MRT_ADD_MFC_PROXY, they will survive to the
> socket destruction. This is not the case with your new cmd. Is it intended?
I think you're referring to MFC_STATIC entries (sk != mroute_sk). It
doesn't matter how you add an entry - they all get cleaned up if added
through the mroute socket.
> Maybe a third option (something like MRT_FLUSH_MFC_PROXY) would be useful to
> avoid confusion?
>
>>
>> Create a new socket option which will clear the multicast forwarding
>> cache on the socket without destroying the socket. The new socket option
>> MRT_FLUSH_ENTRIES will clear all multicast entries on the sockets table
>> and the MRT_FLUSH_VIFS will delete all multicast vifs on the socket
>> table.
>>
>> Signed-off-by: Callum Sinclair <callum.sinclair@...iedtelesis.co.nz>
>> ---
>> include/uapi/linux/mroute.h | 7 +++-
>> include/uapi/linux/mroute6.h | 7 +++-
>> net/ipv4/ipmr.c | 69 ++++++++++++++++++++-------------
>> net/ipv6/ip6mr.c | 74 ++++++++++++++++++++++--------------
>> 4 files changed, 100 insertions(+), 57 deletions(-)
>>
>> diff --git a/include/uapi/linux/mroute.h b/include/uapi/linux/mroute.h
>> index 5d37a9ccce63..673495ca3495 100644
>> --- a/include/uapi/linux/mroute.h
>> +++ b/include/uapi/linux/mroute.h
>> @@ -28,12 +28,17 @@
>> #define MRT_TABLE (MRT_BASE+9) /* Specify mroute table ID */
>> #define MRT_ADD_MFC_PROXY (MRT_BASE+10) /* Add a (*,*|G) mfc entry */
>> #define MRT_DEL_MFC_PROXY (MRT_BASE+11) /* Del a (*,*|G) mfc entry */
>> -#define MRT_MAX (MRT_BASE+11)
>> +#define MRT_FLUSH (MRT_BASE+12) /* Flush all multicast entries and vifs */
> nit: "Flush all mfc entries and/or vifs" ?
>
>> +#define MRT_MAX (MRT_BASE+12)
>>
>> #define SIOCGETVIFCNT SIOCPROTOPRIVATE /* IP protocol privates */
>> #define SIOCGETSGCNT (SIOCPROTOPRIVATE+1)
>> #define SIOCGETRPF (SIOCPROTOPRIVATE+2)
>>
>> +/* MRT_FLUSH optional flags */
>> +#define MRT_FLUSH_ENTRIES 1 /* For flushing all multicast entries */
> Maybe MRT_FLUSH_MFC is more consistent with the previous naming (MRT_ADD_MFC, etc.)
>
>
> Regards,
> Nicolas
>
Powered by blists - more mailing lists