| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Aug 2020 21:49:46 +0200
From: Felix Fietkau <nbd@....name>
To: Linus Lüssing <linus.luessing@...3.blue>,
Stephen Hemminger <stephen@...workplumber.org>
Cc: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
netdev@...r.kernel.org, Roopa Prabhu <roopa@...ulusnetworks.com>,
bridge@...ts.linux-foundation.org, gluon@...beck.freifunk.net,
openwrt-devel@...ts.openwrt.org,
"David S . Miller" <davem@...emloft.net>
Subject: Re: [Bridge] [RFC PATCH net-next] bridge: Implement MLD Querier
wake-up calls / Android bug workaround
On 2020-08-23 17:42, Linus Lüssing wrote:
> On Sun, Aug 16, 2020 at 03:08:13PM -0700, Stephen Hemminger wrote:
>> Rather than adding yet another feature to the bridge, could this hack be done by
>> having a BPF hook? or netfilter module?
>
> Hi Stephen,
>
> Thanks for the constructive feedback and suggestions!
>
> The netfilter approach sounds tempting. However as far as I know
> OpenWrt's firewall has no easy layer 2 netfilter integration yet.
> So it has default layer 3 netfilter rules, but not for layer 2.
>
> Ideally I'd want to work towards a solution where things "just
> work as expected" when a user enables "IGMP Snooping" in the UI.
> I could hack the netfilter rules into netifd, the OpenWrt network
> manager, when it configures the bridge. But not sure if the
> OpenWrt maintainers would like that...
>
> Any preferences from the OpenWrt maintainers side?
Enabling bridge netfilter comes with a very significant performance
cost, so it's not something that should be done in a default configuration.
- Felix
Powered by blists - more mailing lists