| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jan 2017 12:54:14 +0100
From: Jiri Benc <jbenc@...hat.com>
To: Amir Vadai <amir@...ai.me>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
Jiri Pirko <jiri@...lanox.com>,
Or Gerlitz <ogerlitz@...lanox.com>,
Hadar Har-Zion <hadarh@...lanox.com>
Subject: Re: [PATCH net-next V2 0/3] net/sched: act_pedit: Use offset
relative to conventional network headers
On Thu, 5 Jan 2017 11:54:51 +0200, Amir Vadai wrote:
> You asked me [1] why did I use specific header names instead of layers (L2, L3...),
> and I explained that it is on purpose, this extra information is planned to be used
> by hardware drivers to offload the action.
>
> Some FW/HW parser APIs are such that they need to get the specific header type (e.g
> IPV4 or IPV6, TCP or UDP) and not only the networking level (e.g network or transport).
Don't we need better API specification (and enforcement) then, though?
See below.
> Usage example:
> $ tc filter add dev enp0s9 protocol ip parent ffff: \
> flower \
> ip_proto tcp \
> dst_port 80 \
> action \
> pedit munge ip ttl add 0xff \
> pedit munge tcp dport set 8080 \
> pipe action mirred egress redirect dev veth0
What happens when one does:
tc filter add ... flower ip_proto udp action pedit munge tcp ...
?
Jiri
Powered by blists - more mailing lists