lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <511FD5A7.3050207@redhat.com>
Date:	Sat, 16 Feb 2013 13:53:27 -0500
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
	netdev@...r.kernel.org, davem@...emloft.net,
	Ben Greear <greearb@...delatech.com>
Subject: Re: [RFC PATCH net-next (V2)] ipv6: Queue fragments per interface
 for multicast/link-local addresses.

On 02/16/2013 11:15 AM, Eric Dumazet wrote:
> On Sat, 2013-02-16 at 20:39 +0900, YOSHIFUJI Hideaki wrote:
>
>> Could you elaborate, please?
>>
>> The patch does not compare incoming interface if address is
>> non-link-local unicast address.
>
> There must be a reason ipv6 reasm is duplicated in
> net/ipv6/netfilter/nf_conntrack_reasm.c
>
> netfilter uses the notion of ct zone, and several nics can belong to
> same zone.
>
> Anyway your patch touches netfilter land, so must be CC to netfilter
> guys.
>
> M:      Pablo Neira Ayuso <pablo@...filter.org>
> M:      Patrick McHardy <kaber@...sh.net>
> L:      netfilter-devel@...r.kernel.org
>

Looks like netfilter implementation will benefit from a similar patch as 
well.  I like the idea of tagging the reassembly queue with the 
interface and I think it would have application in netfilter as well.
Link-local traffic is limited to the interface already, so that 
shouldn't break netfilter assumptions.  Multicast traffic is also bound
to an interface since group membership is per interface.  If multiple 
interfaces are receiving the same fragmented multicast traffic, we want
multiple reassembly queues, or we'd end up discarding.

-vlad

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ