lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jan 2017 12:54:14 +0100 From: Jiri Benc <jbenc@...hat.com> To: Amir Vadai <amir@...ai.me> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Jiri Pirko <jiri@...lanox.com>, Or Gerlitz <ogerlitz@...lanox.com>, Hadar Har-Zion <hadarh@...lanox.com> Subject: Re: [PATCH net-next V2 0/3] net/sched: act_pedit: Use offset relative to conventional network headers On Thu, 5 Jan 2017 11:54:51 +0200, Amir Vadai wrote: > You asked me [1] why did I use specific header names instead of layers (L2, L3...), > and I explained that it is on purpose, this extra information is planned to be used > by hardware drivers to offload the action. > > Some FW/HW parser APIs are such that they need to get the specific header type (e.g > IPV4 or IPV6, TCP or UDP) and not only the networking level (e.g network or transport). Don't we need better API specification (and enforcement) then, though? See below. > Usage example: > $ tc filter add dev enp0s9 protocol ip parent ffff: \ > flower \ > ip_proto tcp \ > dst_port 80 \ > action \ > pedit munge ip ttl add 0xff \ > pedit munge tcp dport set 8080 \ > pipe action mirred egress redirect dev veth0 What happens when one does: tc filter add ... flower ip_proto udp action pedit munge tcp ... ? Jiri
Powered by blists - more mailing lists