lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Nov 2018 23:19:25 +0200
From:   Or Gerlitz <gerlitz.or@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     Pablo Neira Ayuso <pablo@...filter.org>,
        Linux Netdev List <netdev@...r.kernel.org>,
        thomas.lendacky@....com, Florian Fainelli <f.fainelli@...il.com>,
        Ariel Elior <ariel.elior@...ium.com>,
        Michael Chan <michael.chan@...adcom.com>, santosh@...lsio.com,
        madalin.bucur@....com,
        "Zhuangyuzeng (Yisen)" <yisen.zhuang@...wei.com>,
        Salil Mehta <salil.mehta@...wei.com>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Ido Schimmel <idosch@...lanox.com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        peppe.cavallaro@...com, grygorii.strashko@...com,
        Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
        alexandre.torgue@...com, joabreu@...opsys.com,
        linux-net-drivers@...arflare.com,
        Ganesh Goudar <ganeshgr@...lsio.com>,
        Or Gerlitz <ogerlitz@...lanox.com>
Subject: Re: [PATCH 00/12 net-next,v2] add flow_rule infrastructure

On Mon, Nov 19, 2018 at 10:14 PM David Miller <davem@...emloft.net> wrote:
> From: Pablo Neira Ayuso <pablo@...filter.org>
> Date: Mon, 19 Nov 2018 01:15:07 +0100
>
> > This patchset introduces a kernel intermediate representation (IR) to
> > express ACL hardware offloads, as already described in previous RFC and
> > v1 patchset [1] [2]. The idea is to normalize the frontend U/APIs to use
> > the flow dissectors and the flow actions so drivers can reuse the
> > existing TC offload driver codebase - that has been converted to use the
> > flow_rule infrastructure.
>
> I'm go to bring up the elephant in the room.

> I think the real motivation here is to offload netfilter rules to HW,
> and you should be completely honest about that.

Thanks Dave for clarifying.

So.. (A) why the TC path isn't enough for CT offloading? if we could have
just do it, that would have sound really cool. (B) why do we have to deal
with EIRs (Elephants In Rooms)? (C) who can address A && B?

Or.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ