| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Sep 2020 12:01:15 -0500 From: Thomas Falcon <tlfalcon@...ux.ibm.com> To: Jakub Kicinski <kuba@...nel.org>, Jiri Pirko <jiri@...nulli.us> Cc: netdev@...r.kernel.org, jiri@...dia.com Subject: Re: Exposing device ACL setting through devlink On 9/21/20 3:37 PM, Jakub Kicinski wrote: > On Sun, 20 Sep 2020 17:21:36 +0200 Jiri Pirko wrote: >>> Yes, this the filtering is done on a virtual switch in Power firmware. I am >>> really just trying to report the ACL list's configured at the firmware level >>> to users on the guest OS. >> We have means to model switches properly in linux and offload to them. >> I advise you to do that. > I think it may have gotten lost in the conversation, but Tom is after > exposing the information to the client side of the switch. AFAIU we > don't have anything like that right now, perhaps the way to go is to > expose enum devlink_port_function_attr on the client side? > > Still - it feels hacky when I think about it. > > IMHO kernel device APIs are not the place to expose network config. > It's not like MVRP results pop up as a netdev attribute. > > Tomorrow Amazon, Google, and all other cloud providers will want to > expose some other info, and we'll have to worry about how to make it > common, drawing the lines, reviewing etc. > > Tom, is there no way higher layer (cloud) APIs can be used to > communicate this information to the guest? None that I know of, Jakub. As far as I know, this information can only be retrieved through the device driver if the user only has access to the guest. Tom
Powered by blists - more mailing lists