Message-ID: <87im9mygj8.fsf@toke.dk>
Date:   Mon, 30 Nov 2020 17:07:39 +0100
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Jesper Dangaard Brouer <brouer@...hat.com>,
        Hangbin Liu <liuhangbin@...il.com>
Cc:     Yonghong Song <yhs@...com>, bpf@...r.kernel.org,
        netdev@...r.kernel.org, Daniel Borkmann <daniel@...earbox.net>,
        John Fastabend <john.fastabend@...il.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Maciej Fijalkowski <maciej.fijalkowski@...el.com>,
        brouer@...hat.com
Subject: Re: [PATCHv2 bpf-next] samples/bpf: add xdp program on egress for
 xdp_redirect_map

Jesper Dangaard Brouer <brouer@...hat.com> writes:

> On Mon, 30 Nov 2020 21:10:20 +0800
> Hangbin Liu <liuhangbin@...il.com> wrote:
>
>> On Mon, Nov 30, 2020 at 10:32:08AM +0100, Jesper Dangaard Brouer wrote:
> >> > > I plan to write an example about vlan header modification based on egress
>> > > index. I will post the patch later.  
>> > 
>> > I did notice the internal thread you had with Toke.  I still think it
>> > will be more simple to modify the Ethernet mac addresses.  Adding a
>> > VLAN id tag is more work, and will confuse benchmarks.  You are  
>> 
>> I plan to only modify the vlan id if there has. 
>
> This sentence is not complete, but because of the internal thread I
> know/assume that you mean, that you will only modify the vlan id if
> there is already another VLAN tag in the packet. Let me express that
> this is not good enough. This is not a feasible choice.
>
>> If you prefer to modify the mac address, which way you'd like? Set
>> src mac to egress interface's MAC?
>
> Yes, that will be a good choice, to use the src mac from the egress
> interface.  This would simulate part of what is needed for L3/routing.
>
> Can I request that the dst mac will be the incoming src mac?
> Or if you are user-friendly, add an option that allows setting the dst mac.

One issue with this is that I think it would be neat if we could output
the egress ifindex as part of the packet data, to verify that different
packets can get different content (in the multicast case). If we just
modify the MAC address this is difficult. I guess we could just decide
to step on one byte in the src MAC or something, but VLAN tags seemed
like an obvious alternative :)

-Toke
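
Added example, not part of the original message or of the samples/bpf patch: a plain C sketch of the egress rewrite discussed in this thread, using XDP-style data/data_end bounds checks. It sets dst MAC to the incoming src MAC and src MAC to the egress MAC, then records the egress ifindex in the VLAN ID when a tag is already present, or else in the last src MAC byte. All function names are hypothetical, the frame in main() is constructed, and ifindex is truncated to 12 or 8 bits.

```c
#include <stdint.h>
#include <string.h>

#define ETH_ALEN    6
#define ETH_HLEN    14      /* dst MAC + src MAC + EtherType */
#define VLAN_HLEN   4       /* TCI + inner EtherType */
#define ETH_P_8021Q 0x8100
enum { STAMP_DROP = -1, STAMP_IN_MAC = 0, STAMP_IN_VLAN = 1 };

static int is_tagged(const uint8_t *data)  /* hypothetical helper */
{
    return ((data[12] << 8) | data[13]) == ETH_P_8021Q;
}

/* Hypothetical egress rewrite. Every length is checked before any write,
 * the way the BPF verifier requires checks against data_end. */
static int stamp_egress(uint8_t *data, const uint8_t *data_end,
                        const uint8_t egress_mac[ETH_ALEN], uint32_t ifindex)
{
    size_t len = (size_t)(data_end - data);
    if (len < ETH_HLEN || (is_tagged(data) && len < ETH_HLEN + VLAN_HLEN))
        return STAMP_DROP;
    memcpy(data, data + ETH_ALEN, ETH_ALEN);        /* dst = incoming src */
    memcpy(data + ETH_ALEN, egress_mac, ETH_ALEN);  /* src = egress MAC */
    if (is_tagged(data)) {
        /* Keep PCP/DEI (top 4 TCI bits); VLAN ID = low 12 bits of ifindex. */
        data[14] = (uint8_t)((data[14] & 0xf0) | ((ifindex >> 8) & 0x0f));
        data[15] = (uint8_t)(ifindex & 0xff);
        return STAMP_IN_VLAN;
    }
    data[11] = (uint8_t)(ifindex & 0xff);  /* step on last src MAC byte */
    return STAMP_IN_MAC;
}

/* Receiver side: recover the stamped value, or -1 if the frame is too short. */
static int read_stamp(const uint8_t *data, const uint8_t *data_end)
{
    size_t len = (size_t)(data_end - data);
    if (len < ETH_HLEN || (is_tagged(data) && len < ETH_HLEN + VLAN_HLEN))
        return -1;
    return is_tagged(data) ? ((data[14] & 0x0f) << 8) | data[15] : data[11];
}

int main(void)
{
    /* Constructed untagged broadcast frame header (IPv4 EtherType). */
    uint8_t f[ETH_HLEN] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x11,0x22,0x33,0x44,0x55, 0x08,0x00};
    const uint8_t mac[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0xaa};
    return stamp_egress(f, f + sizeof(f), mac, 7) == STAMP_IN_MAC && read_stamp(f, f + sizeof(f)) == 7 ? 0 : 1;
}
```

Stamping two copies of the same frame with different ifindex values and comparing read_stamp() results is the multicast check described above.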
