| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Mar 2016 19:16:22 +0100 From: Jiri Benc <jbenc@...hat.com> To: Tom Herbert <tom@...bertland.com> Cc: Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: [PATCH net-next 1/5] vxlan: implement GPE in L2 mode On Mon, 29 Feb 2016 09:13:50 -0800, Tom Herbert wrote: > As defined now, GPB can't be used with VXLAN-GPE at all, but when I > read your patch it looks very much like GPB is being checked and > allowed in the VXLAN-GPE path. The fact that "if (vs->flags & > VXLAN_F_GBP)" always fails for VXLAN-GPE packets because of > configuration constraints is not at all obvious, and really this just > results in an unnecessary conditional that gives the same answer for > every single VXLAN-GPE packet which we've already checked for just a > few lines above. At least the check for GPB could be moved to an else > block of " if (vs->flags & VXLAN_F_GPE)", this alone improves clarity > and eliminates an unnecessary conditional in the VXLAN-GPE path. The problem here is ordering. GPE needs to be called before iptunnel_pull_header, while GBP needs to be called after udp_tun_rx_dst (and hence after iptunnel_pull_header). I agree that it's a check that's done for every packet and would be nice to get rid of. On the other hand, the amount of processing in the rx path of vxlan is so huge that it hardly matters. Yes, we should work on overall vxlan performance and it's something I'm actually looking into. As for not being obvious that the GBP processing can't happen, I see your point. I'll add a comment that explains this to the code in v2. Thanks, Jiri
Powered by blists - more mailing lists