| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B702711.6080800@trash.net> Date: Mon, 08 Feb 2010 16:00:33 +0100 From: Patrick McHardy <kaber@...sh.net> To: hadi@...erus.ca CC: Herbert Xu <herbert@...dor.apana.org.au>, David Miller <davem@...emloft.net>, Timo Teräs <timo.teras@....fi>, netdev@...r.kernel.org Subject: Re: [RFC]: xfrm by mark jamal wrote: > On Mon, 2010-02-08 at 14:30 +0100, Patrick McHardy wrote: > >> If you simply add the mark to the lookup key, it will break >> existing setups already using marks. I'd suggest to also add >> a mask which is initialized to 0 when no mark attribute is >> present. > > Good point - better safe than sorry (especially after the havoc > that ingress mark caused;->) > > Would it be easier to just add a global sysctl with default being > "dont use marks"? It will be less memory use than a 32-bit mask per > mark.. I'd prefer masks since the mark size is pretty small and its already quite complicated to fit everything in 32 bit in complex setups. We also support masks everywhere else (I believe) for mark values nowadays. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists