| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2019 15:19:03 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: petrm@...lanox.com
Cc: netdev@...r.kernel.org, ivecera@...hat.com, jiri@...lanox.com,
idosch@...lanox.com
Subject: Re: [PATCH net-next 00/13] vxlan: Allow vetoing FDB operations
From: Petr Machata <petrm@...lanox.com>
Date: Wed, 16 Jan 2019 23:06:28 +0000
> mlxsw does not implement handling of the more advanced types of VXLAN
> FDB entries. In order to provide visibility to users, it is important to
> be able to reject such FDB entries, ideally with an explanation passed
> in extended ack. This patch set implements this.
>
> In patches #1-#4, vxlan is gradually transformed to support vetoing of
> FDB entries added (or modified) through vxlan_fdb_update(), and the
> default FDB entry added in __vxlan_dev_create().
>
> Patches #5-#7 deal with vxlan_changelink(). The existing code recognizes
> that vxlan_fdb_update() may fail, but doesn't attempt to keep things
> intact if it does. These patches change the function in several steps to
> gracefully handle vetoes (or other failures).
>
> Then in patches #8-#11, extack arguments are added, respectively, to
> ndo_fdb_add(), mlxsw's mlxsw_sp_nve_ops.fdb_replay, the functions that
> connect to the VXLAN vetoing code, and call_switchdev_notifiers(). Note
> that call_switchdev_blocking_notifiers() already does support extack.
>
> Finally in patch #12, mlxsw is extended to add extack messages to
> rejected FDB entries. In patch #13, the functionality is tested.
Series applied, thanks Petr.
Powered by blists - more mailing lists