lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Dec 2015 13:23:23 -0800 From: Joe Stringer <joe@....org> To: Or Gerlitz <gerlitz.or@...il.com> Cc: Jarno Rajahalme <jarno@....org>, Jesse Gross <jesse@...nel.org>, Or Gerlitz <ogerlitz@...lanox.com>, Haggai Eran <haggaie@...lanox.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Ilya Lesokhin <ilyal@...lanox.com>, Rony Efraim <ronye@...lanox.com>, Hadar Hen Zion <hadarh@...lanox.com>, Tal Anker <Ankertal@...lanox.com> Subject: Re: OVS VXLAN decap rule has full match on TTL for the outer headers? On 10 December 2015 at 13:06, Or Gerlitz <gerlitz.or@...il.com> wrote: > On Wed, Dec 9, 2015 at 2:22 AM, Joe Stringer <joe@....org> wrote: >> On 8 December 2015 at 13:23, Or Gerlitz <gerlitz.or@...il.com> wrote: >>> On Tue, Dec 8, 2015 at 9:20 PM, Joe Stringer <joe@....org> wrote: > >>>>> Apologies for the delayed response, we haven't found anything >>>>> interesting yet although we've mostly looked at plain set-field >>>>> actions with a combination of kernel/userspace versions. I plan to >>>>> carve out some time later this week to take another look. > >>>> (resending due to teething issues with new email and plain-text, sorry >>>> for the spam) > >>>> As far as the mask, I briefly discussed this with Jarno and it seems >>>> like it could be something as simple as zeroing the ip_ttl mask in >>>> tnl_wc_init(). > >>> to make sure I follow, will that have the consequence that we (user + >>> kernel) will practically not be testing the ttl for these flows? > >> Yes, it would cause userspace to 'wildcard' the field so the kernel >> flows that are installed will ignore it during lookup. > > Cool, any chance this is gonna fit into your schedule to meet 4.4? if > not, for 4.5? > > Also, can the patch be made simple/small enough to go into -stable as well? It's a userspace change. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists