| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180423200844.bq3ksj262brrifnj@breakpoint.cc>
Date: Mon, 23 Apr 2018 22:08:44 +0200
From: Florian Westphal <fw@...len.de>
To: Ahmed Abdelsalam <amsalam20@...il.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>, fw@...len.de,
davem@...emloft.net, dav.lebrun@...il.com,
linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
coreteam@...filter.org, netdev@...r.kernel.org
Subject: Re: [nf-next] netfilter: extend SRH match to support matching
previous, next and last SID
Ahmed Abdelsalam <amsalam20@...il.com> wrote:
> > > @@ -50,6 +62,12 @@ struct ip6t_srh {
> > > __u8 segs_left;
> > > __u8 last_entry;
> > > __u16 tag;
> > > + struct in6_addr psid_addr;
> > > + struct in6_addr nsid_addr;
> > > + struct in6_addr lsid_addr;
> > > + struct in6_addr psid_msk;
> > > + struct in6_addr nsid_msk;
> > > + struct in6_addr lsid_msk;
> >
> > This is changing something exposed through UAPI, so you will need a
> > new revision for this.
>
> Could you please advice what should be done in this case?
You need to add
struct ip6t_srh_v1 {
/* copy of struct ip6t_srh here */
/* new fields go here */
};
Look at xt_conntrack.c, conntrack_mt_reg[] for an example of
multi-revision match.
You can probably re-origanise code to avoid too much duplication.
See 5a786232eb69a1f870ddc0cfd69d5bdef241a2ea in nf.git for an example,
it makes v0 into a v1 struct at runtime and re-uses new v1 code
for old v0.
Powered by blists - more mailing lists