Open Source and information security mailing list archives
 
Message-ID: <20190611155350.GC3436@localhost.localdomain>
Date:   Tue, 11 Jun 2019 12:53:50 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Paul Blakey <paulb@...lanox.com>, Jiri Pirko <jiri@...lanox.com>,
        Roi Dayan <roid@...lanox.com>,
        Yossi Kuperman <yossiku@...lanox.com>,
        Oz Shlomo <ozsh@...lanox.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Aaron Conole <aconole@...hat.com>,
        Zhike Wang <wangzhike@...com>,
        Rony Efraim <ronye@...lanox.com>,
        "nst-kernel@...hat.com" <nst-kernel@...hat.com>,
        John Hurley <john.hurley@...ronome.com>,
        Simon Horman <simon.horman@...ronome.com>,
        Justin Pettit <jpettit@....org>,
        Kevin Darbyshire-Bryant <kevin@...byshire-bryant.me.uk>
Subject: Re: [PATCH net-next 1/3] net/sched: Introduce action ct

On Tue, Jun 11, 2019 at 05:34:50PM +0200, Toke Høiland-Jørgensen wrote:
> Paul Blakey <paulb@...lanox.com> writes:
> 
> > On 6/11/2019 4:59 PM, Toke Høiland-Jørgensen wrote:
> >> Paul Blakey <paulb@...lanox.com> writes:
> >>
> >>> Allow sending a packet to conntrack and set conntrack zone, mark,
> >>> labels and nat parameters.
> >> How is this different from the newly merged ctinfo action?
> >>
> >> -Toke
> >
> > Hi,
> >
> > ctinfo does one of two very specific things,
> >
> > 1) copies DSCP values that have been placed in the firewall conntrack 
> > mark back into the IPv4/v6 diffserv field
> >
> > 2) copies the firewall conntrack mark to the skb's mark field (like 
> > act_connmark)
> >
> > Originally ctinfo action was named conndscp (then conntrack, which is 
> > what our ct shorthand stands for).
> >
> > We also talked about merging both at some point, but they seem only 
> > coincidentally related.
> 
> Well, I'm predicting it will create some confusion to have them so
> closely named... Not sure what the best way to fix that is, though...?

I had suggested to let act_ct handle the above as well, as there is a
big chunk of code on both that is pretty similar. There is quite some
boilerplate for interfacing with conntrack which is duplicated.
But it was considered that the end actions are unrelated, and ctinfo
went ahead. (I'm still not convinced of that, btw)

Other than this, which is not an option anymore, I don't see a way to
avoid confusion here. Seems anything we pick now will be confusing
because ctinfo is a generic name, and we also need one here.

  Marcelo
