lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 27 Mar 2015 12:36:27 +0000
From:	Thomas Graf <tgraf@...g.ch>
To:	Jiri Pirko <jiri@...nulli.us>
Cc:	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
	jesse@...ira.com
Subject: Re: [patch net-next] tc: introduce OpenFlow classifier

On 03/27/15 at 01:28pm, Jiri Pirko wrote:
> Fri, Mar 27, 2015 at 12:44:02PM CET, tgraf@...g.ch wrote:
> >On 03/27/15 at 07:07am, Jiri Pirko wrote:
> >> well, you can do *everything* with cls_bpf now that it supports ebpf.
> >> But I think it is a big hammer. cls_openflow suppose to be just
> >> replacement for existing ovs classification, with very simple and well
> >> understood uapi.
> >
> >The current linear filtering approach makes it not suitable
> >right now. No doubt that unifying flow classification would
> >be great to have.
> >
> >Once you start building some form of wildcarded hash tables
> >into this, I see a lot of overlap with cls_flow appearing.
> >What about extending cls_flow instead? Are you still planning
> >to have one cls_classifier instance per wildcard flow?
> 
> I'm not fan of extending cls_flow. It does something else. It calculates
> hash and set classid according to that. I like better to do cls_openflow
> on side.

You'll probably end up with a hash as well. I doubt that you
want to walk through a linear list of matches in the long term.
Not sure about your plans though.

> >I'm usually all for small steps and take it from there but you
> >are setting a uapi in stone here and once you add linear
> >filtering behaviour you can't just undo it without a ton of
> >flags.
> 
> 
> Sure, what exactly is your uapi change proposal? I'd be glad to
> incorporate it.

You are adding linear matching with first-add-first-match
behaviour. You can't break this order guarantee afterwards.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists