Open Source and information security mailing list archives
 
Message-ID: <88cace34-c54e-dd2b-7045-197136a9a246@ucloud.cn>
Date:   Wed, 19 Jun 2019 11:47:22 +0800
From:   wenxu <wenxu@...oud.cn>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     fw@...len.de, netfilter-devel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH net-next] netfilter: bridge: add nft_bridge_pvid to tag
 the default pvid for non-tagged packet


On 6/19/2019 12:40 AM, Pablo Neira Ayuso wrote:
> On Sat, Jun 15, 2019 at 08:14:21PM +0800, wenxu@...oud.cn wrote:
> [...]
>> +static void nft_bridge_pvid_eval(const struct nft_expr *expr,
>> +				 struct nft_regs *regs,
>> +				 const struct nft_pktinfo *pkt)
>> +{
>> +	struct sk_buff *skb = pkt->skb;
>> +	struct net_bridge_port *p;
>> +
>> +	p = br_port_get_rtnl_rcu(skb->dev);
>> +
>> +	if (p && br_opt_get(p->br, BROPT_VLAN_ENABLED) &&
>> +	    !skb_vlan_tag_present(skb)) {
>> +		u16 pvid = br_get_pvid(nbp_vlan_group_rcu(p));
>> +
>> +		if (pvid)
>> +			__vlan_hwaccel_put_tag(skb, p->br->vlan_proto, pvid);
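Review bot: nft_bridge_pvid_eval(), as quoted, never reads expr or regs: it looks up the pvid and writes it straight into the skb with __vlan_hwaccel_put_tag(), so a rule cannot match on or store the value, and an untagged packet is rewritten as a side effect of evaluating the expression. Consider loading the pvid into a destination register and doing the tag write as a separate, explicit set operation, so that the ruleset states the mutation it performs. The silent no-op when p is NULL, VLAN filtering is disabled, or pvid is 0 also deserves a comment stating the intended behaviour.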
> I see two things here:
>
> #1 Extend new NFT_META_BRIDGE_PVID nft_meta to fetch of 'pvid',
>    probably add net/bridge/netfilter/nft_meta_bridge.c for this.
I can get this, it provides a bridge pvid (get meta). But why put it in
nft_meta_bridge.c but not nft_meta.c?

>
> #2 Extend nft_meta to allow to set the vlan tag via
>    __vlan_hwaccel_put_tag().

Why is there also an extension of nft_meta? So it's a set meta. Is "vlan id set"
not based on nft_payload?

>
> If these two changes are in place, then it should be possible to set
> skbuff vlan id based on the pvid, if this is what you need.
>
> This would allow for:
>
>         vlan id set bridge pvid
>
