lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Jun 2019 18:40:07 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     wenxu@...oud.cn
Cc:     fw@...len.de, netfilter-devel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH net-next] netfilter: bridge: add nft_bridge_pvid to tag
 the default pvid for non-tagged packet

On Sat, Jun 15, 2019 at 08:14:21PM +0800, wenxu@...oud.cn wrote:
[...]
> +static void nft_bridge_pvid_eval(const struct nft_expr *expr,
> +				 struct nft_regs *regs,
> +				 const struct nft_pktinfo *pkt)
> +{
> +	struct sk_buff *skb = pkt->skb;
> +	struct net_bridge_port *p;
> +
> +	p = br_port_get_rtnl_rcu(skb->dev);
> +
> +	if (p && br_opt_get(p->br, BROPT_VLAN_ENABLED) &&
> +	    !skb_vlan_tag_present(skb)) {
> +		u16 pvid = br_get_pvid(nbp_vlan_group_rcu(p));
> +
> +		if (pvid)
> +			__vlan_hwaccel_put_tag(skb, p->br->vlan_proto, pvid);

I see two things here:

#1 Extend new NFT_META_BRIDGE_PVID nft_meta to fetch of 'pvid',
   probably add net/bridge/netfilter/nft_meta_bridge.c for this.

#2 Extend nft_meta to allow to set the vlan tag via
   __vlan_hwaccel_put_tag().

If these two changes are in place, then it should be possible to set
skbuff vlan id based on the pvid, if this is what you need.

This would allow for:

        vlan id set bridge pvid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ