lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 25 Jan 2012 23:30:46 +0100
From:	Štefan Gula <>
To:	David Miller <>
Subject: Re: [patch v4, kernel version 3.2.1] net/ipv4/ip_gre: Ethernet
 multipoint GRE over IP

2012/1/25 David Miller <>:
> From: Štefan Gula <>
> Date: Wed, 25 Jan 2012 22:01:08 +0100
>> 2012/1/25 Stephen Hemminger <>:
>>> On Wed, 18 Jan 2012 00:33:14 +0100 (CET)
>>> Stefan Gula <> wrote:
>>>> From: Stefan Gula <>
>>>> This patch is an extension for current Ethernet over GRE
>>>> implementation, which allows user to create virtual bridge (multipoint
>>>> VPN) and forward traffic based on Ethernet MAC address information in
>>>> it. It simulates the Bridge behavior learning mechanism, but instead
>>>> of learning port ID from which given MAC address comes, it learns IP
>>>> address of peer which encapsulated given packet. Multicast, Broadcast
>>>> and unknown-multicast traffic is send over network as multicast
>>>> encapsulated GRE packet, so one Ethernet multipoint GRE tunnel can be
>>>> represented as one single virtual switch on logical level and be also
>>>> represented as one multicast IPv4 address on network level.
>>>> Signed-off-by: Stefan Gula <>
>>> Will this break normal usages of GRE?
>>> Compile time options are not acceptable for a standard distribution if
>>> it will break it for the other case. It is fine to add the additional data
>>> structure elements, but the code in the receive path might get broken?
>> No, if you don't decide to compile with given kernel option.. nothing
>> happens and original GRE code is leaved intact.
> Every distribution is going to want to turn the option on to provide
> the feature to their users, so this line of reasoning is not
> acceptable.
On the other hand, if you enable the compile this option, it modifies
the behavior only when you are using this command to create the
ip link add vpn0 type gretap local remote key 12345 ttl 10
please notice two major keywords:
 - gretap
My patch modifies the code behavior only if you used "gretap" and
remote IP must be valid multicast IP address. In every other
combinations it is still using plain original GRE codes. So enabling
it doesn't breaks anything else.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists