lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 23 May 2024 10:52:25 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Chengen Du <chengen.du@...onical.com>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: Paolo Abeni <pabeni@...hat.com>, 
 davem@...emloft.net, 
 edumazet@...gle.com, 
 kuba@...nel.org, 
 alexandre.ferrieux@...nge.com, 
 netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] af_packet: Handle outgoing VLAN packets without hardware
 offloading

Chengen Du wrote:
> Hi Willem, all,
> 
> Thank you for highlighting the QinQ and L2.5 issues.
> These are areas I am not very familiar with, and I appreciate your guidance.
> 
> To address the QinQ and L2.5 issues, the third approach seems like a
> promising solution.
> If I understand correctly, in the QinQ scenario, we need to preserve
> the link layer header because it includes two VLAN tags.
> For the L2.5 issue, we can adjust by pulling mac_len instead of
> skb_network_offset.
> In summary, we may need to retain the link layer header to enable
> receivers to parse different protocol scenarios.
> 
> Although this approach can resolve all issues, it requires the
> receiver's cooperation to implement the parsing logic of the link
> layer header.

I was about to bring up the same.

Existing BPF filters may expect L3 headers. A change like this will
have to be opt-in through a socket option.

Since I see no better option to support all L2.5 protocols, if this
is something that tcpdump/pcap would use, we should do it.

> I am concerned that this implementation may take time and adding it
> directly into the kernel could place time pressure on existing users.
> 
> I would like to propose some ideas and welcome your thoughts on them.
> Firstly, I suggest we address the VLAN issue using the second
> approach, as it appears to be a bug and can be resolved without
> affecting current users.

Agreed. Let me respond in more detail to your original patch.

> Secondly, we could introduce the link layer header preservation via a
> new packet socket flag.
> Receivers could implement and test this by enabling the socket flag.
> This way, we avoid disrupting existing receiver behavior while
> providing the capability to parse more complex protocols.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ