Message-ID: <CALx6S35SpmROZkco+1FF3UgW-U3t3RrM84XU2CyZg5Sv2aWO6A@mail.gmail.com>
Date:   Sat, 14 Dec 2019 10:44:43 -0800
From:   Tom Herbert <tom@...bertland.com>
To:     Simon Horman <simon.horman@...ronome.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Tom Herbert <tom@...ntonium.net>
Subject: Re: [PATCH v5 net-next 1/7] ipeh: Create exthdrs_options.c and ipeh.h

On Sun, Oct 6, 2019 at 6:02 AM Simon Horman <simon.horman@...ronome.com> wrote:
>
> On Thu, Oct 03, 2019 at 02:57:58PM -0700, Tom Herbert wrote:
> > From: Tom Herbert <tom@...ntonium.net>
> >
> > Create exthdrs_options.c to hold code related to specific Hop-by-Hop
> > and Destination extension header options. Move related functions in
> > exthdrs.c to the new file.
> >
> > Create include net/ipeh.h to contain common definitions for IP extension
> > headers.
> >
> > Signed-off-by: Tom Herbert <tom@...bertland.com>
>
> Hi Tom,
>
> I'm not entirely clear on the direction this patchset is going in -
> I assume it's part of a larger journey - but in isolation this
> patch seems fine to me.

Hi Simon,

Sorry for the delayed response.

The overall direction here is to make extension headers as well as
TLVs more usable and better performing. This patch isolates extension
header and TLV processing as a common facility which will allow
multiple uses (SR TLVs can use this, IPv4 DestOpt and HBH options, and
potentially other use cases of TLVs). Also, this set allows
non-privileged applications to set DO and HBH options with correct
permissions per option type and also validates that options are properly
formed per some rules (for instance the length of an option being set
by an application can be validated to fall in a required range).

Future patch sets will allow setting specific HBH and DO options on a
socket (as opposed to the all or nothing currently done). Experimental
options will be allowed following the same format used for TCP
experimental options. I'd also like to add the ability to parse options in
flow dissector and probably a BPF helper for XDP.

>
> Reviewed-by: Simon Horman <simon.horman@...ronome.com>
>
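
A sketch of the per-option-type check described in the message above (permission plus required length range), added here as an example; it is not code from the patch set or the kernel. The struct, function, error names and the policy table values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-option policy; names are illustrative, not the kernel's. */
struct opt_policy {
    uint8_t type;      /* IPv6 option type */
    uint8_t min_len;   /* smallest allowed Opt Data Len */
    uint8_t max_len;   /* largest allowed Opt Data Len */
    bool priv_only;    /* only privileged senders may set it */
};

/* Constructed policy table for the example. */
static const struct opt_policy policy[] = {
    { 0x05, 2, 2, true },   /* Router Alert: exactly 2 bytes, privileged */
    { 0x1e, 4, 16, false }, /* RFC 4727 experimental type: 4..16 bytes */
};

enum { OPT_OK = 0, OPT_MALFORMED = -1, OPT_UNKNOWN = -2, OPT_PERM = -3, OPT_RANGE = -4 };

/* Validate the TLV area of a HBH/DestOpt header an application asks to set. */
int validate_tlvs(const uint8_t *tlv, size_t len, bool privileged)
{
    size_t off = 0;
    while (off < len) {
        uint8_t type = tlv[off];
        if (type == 0) { off++; continue; }       /* Pad1 is a single byte */
        if (len - off < 2) return OPT_MALFORMED;  /* length byte missing */
        size_t dlen = tlv[off + 1];
        if (dlen > len - off - 2) return OPT_MALFORMED; /* data overruns buffer */
        if (type != 1) {                          /* PadN needs no policy entry */
            const struct opt_policy *p = NULL;
            for (size_t i = 0; i < sizeof(policy) / sizeof(policy[0]); i++)
                if (policy[i].type == type) p = &policy[i];
            if (!p) return OPT_UNKNOWN;           /* default deny */
            if (p->priv_only && !privileged) return OPT_PERM;
            if (dlen < p->min_len || dlen > p->max_len) return OPT_RANGE;
        }
        off += 2 + dlen;
    }
    return OPT_OK;
}

/* Constructed sample TLV areas (6 bytes each). */
static const uint8_t s_ok[]    = { 0x1e, 4, 1, 2, 3, 4 };
static const uint8_t s_short[] = { 0x1e, 2, 1, 2, 1, 0 };  /* below minimum */
static const uint8_t s_alert[] = { 0x05, 2, 0, 0, 1, 0 };  /* privileged option */
static const uint8_t s_trunc[] = { 0x1e, 8, 1, 2, 3, 4 };  /* length overruns */
int main(void) { return validate_tlvs(s_ok, sizeof(s_ok), false); }
```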
