| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6417F7F3-51F5-4384-B01F-00976D135BE2@darbyshire-bryant.me.uk>
Date: Thu, 13 Jun 2019 11:00:37 +0000
From: Kevin Darbyshire-Bryant <kevin@...byshire-bryant.me.uk>
To: Paul Blakey <paulb@...lanox.com>
CC: Toke Høiland-Jørgensen <toke@...hat.com>,
Jiri Pirko <jiri@...lanox.com>, Roi Dayan <roid@...lanox.com>,
Yossi Kuperman <yossiku@...lanox.com>,
Oz Shlomo <ozsh@...lanox.com>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Aaron Conole <aconole@...hat.com>,
Zhike Wang <wangzhike@...com>,
Rony Efraim <ronye@...lanox.com>,
"nst-kernel@...hat.com" <nst-kernel@...hat.com>,
John Hurley <john.hurley@...ronome.com>,
Simon Horman <simon.horman@...ronome.com>,
Justin Pettit <jpettit@....org>
Subject: Re: [PATCH net-next 1/3] net/sched: Introduce action ct
> On 11 Jun 2019, at 16:15, Paul Blakey <paulb@...lanox.com> wrote:
>
>
> On 6/11/2019 4:59 PM, Toke Høiland-Jørgensen wrote:
>> Paul Blakey <paulb@...lanox.com> writes:
>>
>>> Allow sending a packet to conntrack and set conntrack zone, mark,
>>> labels and nat parameters.
>> How is this different from the newly merged ctinfo action?
>>
>> -Toke
>
> Hi,
>
> ctinfo does one of two very specific things,
>
> 1) copies DSCP values that have been placed in the firewall conntrack
> mark back into the IPv4/v6 diffserv field
>
> 2) copies the firewall conntrack mark to the skb's mark field (like
> act_connmark)
It can do both at the same time if required, taking advantage of the single
conntrack entry lookup for both packet/skb mangling operations, but this isn’t
relevant to the discussion really.
>
> Originally ctinfo action was named conndscp (then conntrack, which is
> what our ct shorthand stands for).
>
> We also talked about merging both at some point, but they seem only
> coincidentally related.
>
> don't know how it was then be agreed to be named ctinfo suggesting it
> does something else but the above.
I’m a newbie around here so trying to fit in. conndscp did one thing, then it
suggested that as it was doing a similar lookup to act_connmark that the connmark
functionality could also be integrated. There was a brief flirtation with a
new ‘act ct’ it sort of ‘fell out’ that they were only semi-related in function
by name only.
conndscp was clearly the wrong name for what act_ctinfo had become, amalgamating
two functions, so I thought it’s a “conntrack information lookup/user/extractor/mangler’
and thought ‘ctinfo’ was as good as anything - and nobody screamed and AFAIK no
kittens died :-)
But as a newbie around here I’m happy to fit in with whatever consensus is reached
as long as it is reached.
>
> This action sends packets to conntrack, configures nat, and doesn't get
> "info" from conntrack, while the ctinfo already expects packets to be
> passed conntrack
>
> by some other kernel mechanism.
>
Yeah, one is pulling, the other is pushing :-)
Kevin
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists