Date:   Sat, 28 Oct 2017 17:03:25 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     David Ahern <dsahern@...il.com>
Cc:     netdev@...r.kernel.org, jiri@...lanox.com, idosch@...lanox.com,
        johannes.berg@...el.com, petrm@...lanox.com
Subject: Re: [PATCH v2 net-next 3/3] mlxsw: spectrum_router: Return extack
 message on abort due to fib rules

On Fri, Oct 27, 2017 at 05:37:14PM -0700, David Ahern wrote:
> Adding a FIB rule on a spectrum platform silently aborts FIB offload:
>     $ ip ru add pref 99 from all to 192.168.1.1 table 10
>     $ dmesg -c
>     [  623.144736] mlxsw_spectrum 0000:03:00.0: FIB abort triggered. Note that FIB entries are no longer being offloaded to this device.
> 
> This patch reworks FIB rule handling to return a message to the user:
>     $ ip ru add pref 99 from all to 8.8.8.8 table 11
>     Error: spectrum: FIB rules not supported. Aborting offload.
> 
> spectrum currently only checks whether the fib rule is a default rule or
> an l3mdev rule, both of which it knows how to handle. Any other it aborts
> FIB offload. Move the processing to check the rule type inline with the
> user request. If the rule is an unsupported one, then a work queue entry
> is used to abort the offload. Change the rule delete handling to just
> return since it does nothing at the moment.
> 
> Signed-off-by: David Ahern <dsahern@...il.com>

Reviewed-by: Ido Schimmel <idosch@...lanox.com>

I'll follow up with a patch to notify about IPv6 source-specific routes
that also trigger abort.

Another possible use case for this is something Petr is working on. We
currently assume IP-in-IP tunnel parameters don't change after creation,
but Petr has a patchset that adds support for NETDEV_CHANGE events in
mlxsw.

It's possible that after parameters are changed, we can no longer
offload the tunnel (for example, because the user enabled sequence
counters). With this infrastructure, we can let the user know about it.

Thanks!
