lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 25 Aug 2020 14:01:27 +0200
From:   Ahmed Abdelsalam <ahabdels@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        andrea.mayer@...roma2.it
Subject: Re: [net-next v4] seg6: using DSCP of inner IPv4 packets



On 25/08/2020 03:11, David Miller wrote:
> From: Ahmed Abdelsalam <ahabdels@...il.com>
> Date: Mon, 24 Aug 2020 08:51:24 +0000
> 
>> This patch allows copying the DSCP from inner IPv4 header to the
>> outer IPv6 header, when doing SRv6 Encapsulation.
>>
>> This allows forwarding packet across the SRv6 fabric based on their
>> original traffic class.
>>
>> Signed-off-by: Ahmed Abdelsalam <ahabdels@...il.com>
> 
> "Allows" sounds like the behavior is optional, but that is not what
> is happening here.  You are making this DSCP inheritance behavior
> unconditional.
> 
> I've stated that the current behavior matches what other ipv6
> tunneling devices do, and therefore we should keep it that way.
> 
> Furthermore, this behavior has been in place for several releases
> so you cannot change it by default.  People may be depending upon
> how things work right now.
> 

Ok. I added a new sysctl (seg6_inherit_inner_ipv4_dscp) to 
enable/disable the new behavior.

The sysctl will be checked in case of IPv4 traffic.
In the IPv6 case, there is no change as the code is already copying the 
DSCP from the inner IPv6 packet.

I'm sending a new patch.


> Also:
> 
>> @@ -130,6 +129,7 @@ int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto)
>>   	struct ipv6_sr_hdr *isrh;
>>   	int hdrlen, tot_len, err;
>>   	__be32 flowlabel;
>> +	u8 tos = 0, hop_limit;
> 
> Need to preserve reverse christmas tree here.
> 
Fixed in the new patch.

Powered by blists - more mailing lists