| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57B14D9B.8040802@gmail.com> Date: Sun, 14 Aug 2016 22:05:31 -0700 From: John Fastabend <john.fastabend@...il.com> To: Cong Wang <xiyou.wangcong@...il.com>, Amir Vadai <amir@...ai.me> Cc: Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...lanox.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Or Gerlitz <ogerlitz@...lanox.com>, Hadar Har-Zion <hadarh@...lanox.com>, Oded Shanoon <odeds@...lanox.com>, Amir Vadai <amirva@...lanox.com> Subject: Re: [RFC net-next 0/2] net/sched: cls_flower, act_mirred: VXLAN redirect using TC On 16-08-14 10:53 AM, Cong Wang wrote: > On Sun, Aug 14, 2016 at 7:06 AM, Amir Vadai <amir@...ai.me> wrote: >> tc qdisc add dev $ETH ingress >> >> # ENCAP rule for ARP >> tc filter add dev $ETH protocol 0x806 parent ffff: prio 11 \ >> flower \ >> action mirred egress redirect dev $VXLAN enc_src_ip 11.11.0.1 enc_dst_ip 11.11.0.2 enc_key_id 11 enc_dst_port 4789 >> >> # ENCAP rule for ICMP >> tc filter add dev $ETH protocol ip parent ffff: prio 10 \ >> flower ip_proto 1 \ >> action mirred egress redirect dev $VXLAN enc_src_ip 11.11.0.1 enc_dst_ip 11.11.0.2 enc_key_id 11 enc_dst_port 4789 >> > > I don't like this. This makes mirred action unnecessarily > complex, it should really just mirror or redirect packets as > it is, why it should be aware of tunnel information? > > I think you probably need to introduce a new tc action > for these tunnel information and pipe it to mirred. > I agree how about a set_tunnel_key() action it could be very similar to the bpf helper routine. Then you can string it together with other actions easily. .John
Powered by blists - more mailing lists