lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <674e57f3766a49909bf304abab2956a4213780cd.camel@gmail.com>
Date:   Mon, 01 Nov 2021 10:41:02 -0700
From:   James Prestwood <prestwoj@...il.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, kuba@...nel.org, corbet@....net,
        yoshfuji@...ux-ipv6.org, dsahern@...nel.org, roopa@...dia.com,
        daniel@...earbox.net, vladimir.oltean@....com, idosch@...dia.com,
        nikolay@...dia.com, yajun.deng@...ux.dev, zhutong@...zon.com,
        johannes@...solutions.net, jouni@...eaurora.org
Subject: Re: [PATCH 0/3] Make neighbor eviction controllable by userspace

Sorry about this, 'V8' never made it into the patch subject.

On Mon, 2021-11-01 at 10:36 -0700, James Prestwood wrote:
> v1 -> v2:
> 
>  - It was suggested by Daniel Borkmann to extend the neighbor table
> settings
>    rather than adding IPv4/IPv6 options for ARP/NDISC separately. I
> agree
>    this way is much more concise since there is now only one place
> where the
>    option is checked and defined.
>  - Moved documentation/code into the same patch
>  - Explained in more detail the test scenario and results
> 
> v2 -> v3:
> 
>  - Renamed 'skip_perm' to 'nocarrier'. The way this parameter is used
>    matches this naming.
>  - Changed logic to still flush if 'nocarrier' is false.
> 
> v3 -> v4:
> 
>  - Moved NDTPA_EVICT_NOCARRIER after NDTPA_PAD
> 
> v4 -> v5:
> 
>  - Went back to the original v1 patchset and changed:
>  - Used ANDCONF for IN_DEV macro
>  - Got RCU lock prior to __in_dev_get_rcu(). Do note that the logic
>    here was extended to handle if __in_dev_get_rcu() fails. If this
>    happens the existing behavior should be maintained and set the
>    carrier down. I'm unsure if get_rcu() can fail in this context
>    though. Similar logic was used for in6_dev_get.
>  - Changed ndisc_evict_nocarrier to use a u8, proper handler, and
>    set min/max values.
> 
> v5 -> v6
> 
>  - Added selftests for both sysctl options
>  - (arp) Used __in_dev_get_rtnl rather than getting the rcu lock
>  - (ndisc) Added in6_dev_put
>  - (ndisc) Check 'all' option as well as device specific
> 
> v6 -> v7
> 
>  - Corrected logic checking all and netdev option
> 
> Resend v7:
> 
>  - Fixed (hopefully) the issue with CC's only getting the cover
> letter
> 
> v7 -> v8:
> 
>  - Added selftests for 'all' options
> 
> James Prestwood (3):
>   net: arp: introduce arp_evict_nocarrier sysctl parameter
>   net: ndisc: introduce ndisc_evict_nocarrier sysctl parameter
>   selftests: net: add arp_ndisc_evict_nocarrier
> 
>  Documentation/networking/ip-sysctl.rst        |  18 ++
>  include/linux/inetdevice.h                    |   2 +
>  include/linux/ipv6.h                          |   1 +
>  include/uapi/linux/ip.h                       |   1 +
>  include/uapi/linux/ipv6.h                     |   1 +
>  include/uapi/linux/sysctl.h                   |   1 +
>  net/ipv4/arp.c                                |  11 +-
>  net/ipv4/devinet.c                            |   4 +
>  net/ipv6/addrconf.c                           |  12 +
>  net/ipv6/ndisc.c                              |  12 +-
>  .../net/arp_ndisc_evict_nocarrier.sh          | 220
> ++++++++++++++++++
>  11 files changed, 281 insertions(+), 2 deletions(-)
>  create mode 100755
> tools/testing/selftests/net/arp_ndisc_evict_nocarrier.sh
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ