lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <554F9DE8.3000507@plumgrid.com>
Date:	Sun, 10 May 2015 11:05:28 -0700
From:	Alexei Starovoitov <ast@...mgrid.com>
To:	Pablo Neira Ayuso <pablo@...filter.org>
CC:	netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
	daniel@...earbox.net
Subject: Re: [PATCH 2/2 net-next] net: move qdisc ingress filtering code where
 it belongs

On 5/10/15 10:59 AM, Pablo Neira Ayuso wrote:
> On Sun, May 10, 2015 at 10:45:42AM -0700, Alexei Starovoitov wrote:
>> On 5/10/15 9:59 AM, Pablo Neira Ayuso wrote:
>>> The qdisc ingress filtering code is embedded into the core most likely because
>>> at that time we had no RCU in place to define a hook. This is semantically
>>> wrong as this violates the most basic rules of encapsulation.
>>
>> Yet another attempt to sneak in 'qdisc_ingress_hook' to kill TC ?
>> Just add another hook for netfilter. Seriously. Enough of these
>> politics.
>
> Absolutely not. I will not kill TC because people like jamal likes it,
> and that's more than an argument to me to keep it there.
>
> I have to ask you to stop harassing me all over with non-technical
> comments: "evil", "funny", ...

Please, I never called you 'evil'. Though we're arguing, it's ok,
because we both want the best for the kernel. We just not on the same
page yet.
'funny' also doesn't apply to you.
If you feel offended, I'm sorry. I didn't mean it at all.

> I'm getting quite enough of this, you stop that.

agree. let's articulate on exact technical means.
So, please, state clearly why you so much insisting of combining
existing tc and future netfilter hook into one that creates long
term head aches? What is wrong with two hooks?

>> Again, Daniel's patch accelerates super-critical ingress path even more.
>> Care to carefully read it first?
>
> No, Daniel is *not* benchmarking the netif_received_core() with no
> filtering at all.

sorry, not true. We did benchmark all combinations. Daniel posted
his, I'll send numbers from my box as well.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ