lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <dc732572-6f69-6cbe-5df1-ca4d6e6ed131@solarflare.com>
Date:   Tue, 19 May 2020 19:26:42 +0100
From:   Edward Cree <ecree@...arflare.com>
To:     Pablo Neira Ayuso <pablo@...filter.org>
CC:     <davem@...emloft.net>, <netdev@...r.kernel.org>,
        <netfilter-devel@...r.kernel.org>, <jiri@...nulli.us>,
        <kuba@...nel.org>
Subject: Re: [PATCH net-next v2] net: flow_offload: simplify hw stats check
 handling

On 19/05/2020 18:35, Pablo Neira Ayuso wrote:
> Did you test your patch with netfilter? I don't think.
As I mentioned in v1 (and should have repeated on v2, sorry) this is
 compile tested only, as I don't have the hardware to test it.  (I have
 done some testing with the not-yet-upstream sfc_ef100 driver, though.)
But as I'm not a netfilter user, I don't have a handy set of netfilter
 rules to test this with anyway; and my previous attempts to find useful
 documentation on netfilter.org were not fruitful (although I've just
 now found wiki.nftables.org).  I was hoping someone with the domain
 knowledge (and the hardware) could test this.
(Also, for complicated reasons, getting nft built for my ef100 test
 system would be decidedly nontrivial; and any test I do without offload
 hardware at the bottom would necessarily be so synthetic I'm not sure
 I'd trust it to prove anything.)

> Netfilter is a client of this flow offload API, you have to test that
> your core updates do not break any of existing clients.
Okay, but can we distinguish between "this needs to be tested with
 netfilter before it can be merged" and "this is breaking netfilter"?
Or do you have a specific reason why you think this is broken, beyond
 merely 'it isn't tested'?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ