lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jun 2019 16:24:03 -0300 From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> To: Cong Wang <xiyou.wangcong@...il.com> Cc: Toke Høiland-Jørgensen <toke@...hat.com>, Paul Blakey <paulb@...lanox.com>, Jiri Pirko <jiri@...lanox.com>, Roi Dayan <roid@...lanox.com>, Yossi Kuperman <yossiku@...lanox.com>, Oz Shlomo <ozsh@...lanox.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>, Aaron Conole <aconole@...hat.com>, Zhike Wang <wangzhike@...com>, Rony Efraim <ronye@...lanox.com>, "nst-kernel@...hat.com" <nst-kernel@...hat.com>, John Hurley <john.hurley@...ronome.com>, Simon Horman <simon.horman@...ronome.com>, Justin Pettit <jpettit@....org>, Kevin Darbyshire-Bryant <kevin@...byshire-bryant.me.uk> Subject: Re: [PATCH net-next 1/3] net/sched: Introduce action ct On Fri, Jun 14, 2019 at 11:07:37AM -0700, Cong Wang wrote: > On Tue, Jun 11, 2019 at 9:44 AM Marcelo Ricardo Leitner > <marcelo.leitner@...il.com> wrote: > > I had suggested to let act_ct handle the above as well, as there is a > > big chunk of code on both that is pretty similar. There is quite some > > boilerplate for interfacing with conntrack which is duplicated. > > Why do you want to mix retrieving conntrack info with executing > conntrack? To save on the heavy boilerplate for interfacing with conntrack. > > They are totally different things to me, act_ctinfo merely retrieves > information from conntrack, while this one, act_ct, is supposed to > move packets to conntrack. Seems we have a different understanding for "move packets to conntrack": conntrack will not consume the packets after this. But after act_ct is executed, if not with the clear flag, skb will now have the skb->_nfct entry available, on which flower then will be able to match. So in essence, it is also fetching information from conntrack. I see act_ctinfo is a subset of what act_ct is doing. Marcelo
Powered by blists - more mailing lists