lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 28 Nov 2016 11:26:13 -0800
From:   Mahesh Bandewar (महेश बंडेवार) 
        <maheshb@...gle.com>
To:     fgao@...ai8.com
Cc:     David Miller <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        linux-netdev <netdev@...r.kernel.org>, gfree.wind@...il.com
Subject: Re: [PATCH net-next v2 1/1] driver: ipvlan: Use NF_IP_PRI_LAST as
 hook priority instead of INT_MAX

On Sun, Nov 27, 2016 at 3:18 AM,  <fgao@...ai8.com> wrote:
> From: Gao Feng <fgao@...ai8.com>
>
> It is better to use NF_IP_PRI_LAST instead of INT_MAX as hook priority.
> The former is good at readability and easier to maintain.
>
This IPvlan hook has to be "absolute" last hook and at this moment
NF_IP_PRI_LAST is set as INT_MAX so it's not altering anything.

If for whatever reasons the value of NF_IP_PRI_LAST changes, there
could be random IPvlan failure. Since that possibility cannot be
denied and there are several places INT_MAX is still used as hook
priority, I don't see any gain in having this patch in fact there
could be future (possible) downside.

> Signed-off-by: Gao Feng <fgao@...ai8.com>
> ---
>  v2: Add the lost header file. It is added in local but not in v1 patch
>  v1: Inital patch
>
>  drivers/net/ipvlan/ipvlan_main.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
> index ab90b22..01c7446 100644
> --- a/drivers/net/ipvlan/ipvlan_main.c
> +++ b/drivers/net/ipvlan/ipvlan_main.c
> @@ -7,6 +7,7 @@
>   *
>   */
>
> +#include "linux/netfilter_ipv4.h"
>  #include "ipvlan.h"
>
>  static u32 ipvl_nf_hook_refcnt = 0;
> @@ -16,13 +17,13 @@
>                 .hook     = ipvlan_nf_input,
>                 .pf       = NFPROTO_IPV4,
>                 .hooknum  = NF_INET_LOCAL_IN,
> -               .priority = INT_MAX,
> +               .priority = NF_IP_PRI_LAST,
>         },
>         {
>                 .hook     = ipvlan_nf_input,
>                 .pf       = NFPROTO_IPV6,
>                 .hooknum  = NF_INET_LOCAL_IN,
> -               .priority = INT_MAX,
> +               .priority = NF_IP_PRI_LAST,
>         },
>  };
>
> --
> 1.9.1
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ