lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Sep 2020 13:37:04 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     Thomas Falcon <tlfalcon@...ux.ibm.com>, netdev@...r.kernel.org,
        jiri@...dia.com
Subject: Re: Exposing device ACL setting through devlink

On Sun, 20 Sep 2020 17:21:36 +0200 Jiri Pirko wrote:
> >Yes, this the filtering is done on a virtual switch in Power firmware. I am
> >really just trying to report the ACL list's configured at the firmware level
> >to users on the guest OS.  
> 
> We have means to model switches properly in linux and offload to them.
> I advise you to do that.

I think it may have gotten lost in the conversation, but Tom is after
exposing the information to the client side of the switch. AFAIU we
don't have anything like that right now, perhaps the way to go is to
expose enum devlink_port_function_attr on the client side?

Still - it feels hacky when I think about it. 

IMHO kernel device APIs are not the place to expose network config.
It's not like MVRP results pop up as a netdev attribute. 

Tomorrow Amazon, Google, and all other cloud providers will want to
expose some other info, and we'll have to worry about how to make it
common, drawing the lines, reviewing etc.

Tom, is there no way higher layer (cloud) APIs can be used to
communicate this information to the guest?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ