| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160926013504.GA1959@breakpoint.cc>
Date: Mon, 26 Sep 2016 03:35:04 +0200
From: Florian Westphal <fw@...len.de>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: Florian Westphal <fw@...len.de>,
Shmulik Ladkani <shmulik.ladkani@...il.com>,
"David S. Miller" <davem@...emloft.net>,
WANG Cong <xiyou.wangcong@...il.com>,
Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH net-next 4/4] net/sched: act_mirred: Implement ingress
actions
Jamal Hadi Salim <jhs@...atatu.com> wrote:
> On 16-09-25 02:31 PM, Florian Westphal wrote:
> >Shmulik Ladkani <shmulik.ladkani@...il.com> wrote:
> >>We can later address any loop-detection improvements in mirred.
> >>WDYT?
> >
> >You can address this after fixing infamous spinlock recursion hard
> >lockup (which has existed forever):
> >
> >tc qdisc add dev eth0 root handle 1: prio
> >tc filter add dev eth0 parent 1: protocol ip u32 match u32 0 0 flowid
> >1:2 action mirred egress redirect dev eth0
> >
> >(only do this on toy vm)
> >
>
> Realize didnt respond to this. Seems very simple to fix:
> if skb->dev->ifindex and m->tcfm_dev->ifindex are the
> same, then you can drop the packet.
Yes, but I think we get same issue when we deal with stacked
interfaces, and redirect is to e.g. vlan on top of physical device.
And we have such loops even without tc, for instance when placing
both veth ends in same bridge :-(
Powered by blists - more mailing lists