lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 22 May 2014 00:26:06 +0900
From:	Simon Horman <horms@...ge.net.au>
To:	Jesse Gross <jesse@...ira.com>
Cc:	"dev@...nvswitch.org" <dev@...nvswitch.org>,
	netdev <netdev@...r.kernel.org>,
	Pravin B Shelar <pshelar@...ira.com>,
	Ben Pfaff <blp@...ira.com>, Ravi K <rkerur@...il.com>,
	Joe Stringer <joe@...d.net.nz>
Subject: Re: [PATCH v2.57] datapath: Add basic MPLS support to kernel

On Tue, May 20, 2014 at 07:05:28PM -0700, Jesse Gross wrote:
> On Tue, May 20, 2014 at 3:48 AM, Simon Horman <horms@...ge.net.au> wrote:
> > On Mon, May 19, 2014 at 06:34:05PM -0700, Jesse Gross wrote:
> >> On Thu, May 15, 2014 at 4:07 PM, Simon Horman <horms@...ge.net.au> wrote:
> >> > diff --git a/datapath/actions.c b/datapath/actions.c
> >> > index 603c7cb..7c3ae0c 100644
> >> > --- a/datapath/actions.c
> >> > +++ b/datapath/actions.c
> >> When we set the EtherType at the bottom of the function, I don't think
> >> that it is correct in the presence of VLAN tags because it will set
> >> the outer EtherType.
> >
> > I believe this comes back to the problem we have with tag ordering. A
> > problem which after the most recent discussion of this topic I planned to
> > kick into the long grass by only allowing push MPLS actions on packets with
> > a well defined tag order.
> 
> Right, I subconsciously keep forgetting this even though I know it's there.
> 
> > This is the purpose of the white list in ovs_nla_copy_actions__().  It is
> > supposed to only push MPLS actions for flows with an IPv4, IPv6, ARP, RARP
> > or MPLS ethtype.  However, I now think that the white list likely does not
> > work for VLAN packets as their flow's ethtype will be the inner-ethtype
> > (the one inside the VLAN tag) rather than a VLAN ethtype.
> >
> > I'm unsure how you would like to handle this but one possibility would be
> > simply for push_mpls() to return an error if it is called on an skb with a
> > VLAN tag present or if the ethtype doesn't match a white list. Another is
> > to set the inner ethtype.
> 
> Can't we just look at/track flow->tci to see if there is a vlan?

Yes :)

I had been thinking in terms of OpenFlow flows and thought
this wouldn't work. But I have verified that it does with datapath flows.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists