| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <577CD74B.5070805@mojatatu.com> Date: Wed, 6 Jul 2016 06:02:51 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Cong Wang <xiyou.wangcong@...il.com> Cc: David Miller <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Daniel Borkmann <daniel@...earbox.net>, nikolay@...ulusnetworks.com Subject: Re: [PATCH v2 net-next 1/1] net sched actions: mirred add support for setting Dst MAC address On 16-07-05 02:19 PM, Cong Wang wrote: > On Tue, Jul 5, 2016 at 4:04 AM, Jamal Hadi Salim <jhs@...atatu.com> wrote: >> Second arguement usability, from: >> to: >> $TC filter add dev $ETH parent 1: protocol ip prio 10 \ >> u32 match ip protocol 1 0xff flowid 1:2 \ >> action mirred egress redirect dev $SPANPORT dst 02:15:15:15:15:15 >> >> given that I have to do this many many times in scripts and the >> second policy is better eye candy. > > How about adding a "wrapper" in iproute2 pedit action to make > it accept "dst mac xx:xx:xx:xx:xx:xx"? Like what we did for u32 > filters. > Thats what we do today. Its fugly and debugging is nasty (having to stare at 10s or hundreds of outputs looking at offset and bytes when something goes wrong). It is ok to use pedit as a starting point because you can quickly craft things without any kernel changes. But when you start heavily using something handcrafted its usability starts affecting you. I will work on and send the skbmod patch next time i get cycles. cheers, jamal
Powered by blists - more mailing lists