lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 May 2010 15:33:01 +0200 From: Jiri Bohac <jbohac@...e.cz> To: David Miller <davem@...emloft.net> Cc: fubar@...ibm.com, jbohac@...e.cz, bonding-devel@...ts.sourceforge.net, netdev@...r.kernel.org Subject: Re: [PATCH] bonding: fix arp_validate on bonds inside a bridge On Tue, May 04, 2010 at 04:18:15PM -0700, David Miller wrote: > From: Jay Vosburgh <fubar@...ibm.com> > > Tested and it looks to work as advertised. I see only one minor > > nit, there's a pr_debug that missed being renamed to the new function > > name; here's the whole patch with that fixed. > > I don't think you need the ugly arp hook. > > Instead, it's much cleaner to provide a way for packet type taps to > see the packet before bridge et al. decapsulation. In fact this makes > a lot of sense, wanting to see the device as __netif_receive_skb() saw > it, with no changes whatsoever. > > In fact ptype_all runs before bridging, ING, and MACVLAN decap the > thing, so we could have a 'ptype_base_predecap[]' that we run over > right after those. I was considering exactly this, but I thought it would be rejected because of the overhead for all packets received. In fact, bonding could register the ARP handler in the ptype_all list and check itself whether the packets were ARPs. This would require no changes to __netif_receive_skb() at all, but would cause an extra fuction call and a condition for _every_ packet once a bond with arp_validate would be up. Having a ptype_base_predecap[] hashtable would still cause at least a comparision for _every_ packet, even without bonding being loaded (!). The current patch causes an extra comparison only for packets arriving on boding slaves. If either of the ptype_all or ptype_base_predecap[] method is preferred, I'll be happy to re-work the patch. I just thought performance had bigger priority here. -- Jiri Bohac <jbohac@...e.cz> SUSE Labs, SUSE CZ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists