Message-ID: <4D61FF9C.3080208@redfish-solutions.com>
Date:	Sun, 20 Feb 2011 22:01:00 -0800
From:	Philip Prindeville <philipp_subx@...fish-solutions.com>
To:	Benny Amorsen <benny+usenet@...rsen.dk>
CC:	David Miller <davem@...emloft.net>,
	torsten.schmidt@...06.tu-chemnitz.de, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv4: add DiffServ priority based routing

On 3/12/10 3:18 AM, Benny Amorsen wrote:
> David Miller <davem@...emloft.net> writes:
>
>> Look, this doesn't work.  QoS handling and policy belongs in the
>> egress point to the network, it's the only way to control this
>> properly and prevent abuse.
> First, QoS is important even within the network. Modern switches come
> pre-configured with sane defaults which ensure that e.g. EF marked
> packets get priority over non-EF-marked packets. Cisco, HP, and
> Linksys-Cisco at least provide a decent out-of-the-box configuration.
>
> This can obviously be abused, but the solution there is the same as in
> network abuses: Either apply the LART or change the configuration of the
> switches to be less trusting. We haven't, so far, had a customer where
> the LART was necessary, much less had to reconfigure a switch.
>
> So why not let Linux provide the same out-of-the-box experience as the
> switches do? If the trust is abused Linux provides lots of tools to make
> it less trusting or even to punish the abusers.
>
>
> /Benny

For those who want to use DiffServ as the out-of-the-box default configuration, and trust the marking on their traffic, I don't understand why certain folks are so adamant about not supporting this.

Torsten's patch to allow rt_tos2priority() to use IPTOS_PRECEDENCE() instead seemed reasonable.

Especially in a network using 802.1p or 802.1q encapsulation.

