| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Aug 2020 11:16:06 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc: wenxu <wenxu@...oud.cn>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Jamal Hadi Salim <jhs@...atatu.com>,
Paul Blakey <paulb@...lanox.com>, Oz Shlomo <ozsh@...lanox.com>
Subject: Re: [PATCH net-next] net/sched: add act_ct_output support
On Tue, Aug 25, 2020 at 8:33 AM Marcelo Ricardo Leitner
<marcelo.leitner@...il.com> wrote:
> I still don't understand Cong's argument for not having this on
> act_mirred because TC is L2. That's actually not right. TC hooks at L2
You miss a very important point that it is already too late to rename
act_mirred to reflect whatever new feature adding to it.
> but deals with L3 and L4 (after all, it does static NAT, mungles L4
> headers and classifies based on virtually anything) since beginning,
> and this is just another case.
So eventually you want TC to deal with all L3 stuff?? I think you are
exaggerating it, modifying L3/L4 headers does not mean it handles L3
protocol. But, doing IP layer fragmentation is clearly doing something
belongs to IP protocol. Look at the code, you never need to call into
IP layer code (except some trivial helpers) until you do CT or
fragmentation. This is why I do not like act_ct either, it fits oddly into
TC.
Why not just do segmentation instead of fragmentation? GSO is
already performed at L2 by software.
Thanks.
Powered by blists - more mailing lists