Message-ID: <CAM_iQpW9kUzip+p8fCkD4wH7KbAv8aR-Fqa0iRwPYdzk8+4Tqw@mail.gmail.com>
Date:	Sun, 22 Dec 2013 11:42:28 -0800
From:	Cong Wang <xiyou.wangcong@...il.com>
To:	Jamal Hadi Salim <jhs@...atatu.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH net-next v4 3/8] net_sched: mirred: remove action when the
 target device is gone

On Sun, Dec 22, 2013 at 8:15 AM, Jamal Hadi Salim <jhs@...atatu.com> wrote:
>
>
> I am sorry Cong - I will still object to this change. I don't want
> to even bother testing it.
> You are making some serious policy decisions in the kernel.
> Such policy decisions should be made by user space not the kernel.

You know qdiscs and filters are removed too when the device
is gone, right? So isn't that also a policy you are talking about?

This doesn't make any sense to me, if it did, you should remove
all net device notifications in kernel, right?

> Whoever made the idiotic decision of removing the device should
> modify or delete the flow rule - at a minimum they
> may deserve some warning. Deleting the action is wrong. It is simple
> graph theory.

Have you ever thought about how hard it is to remove a mirred action
upon the device removal? Even with libnl, we still have to:

1) monitor the device removal notification
2) search the action cache to get the action that matches the target device
3) search for the filters that contain such actions
4) remove the action by changing the filters it is attached to

Try it and see how much more work you will do, compare it with
this kernel patch. It would not be hard to conclude which is easier.