lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YgTn2T9y3qW8Cgvw@shredder>
Date:   Thu, 10 Feb 2022 12:24:25 +0200
From:   Ido Schimmel <idosch@...sch.org>
To:     Hans Schultz <schultz.hans@...il.com>
Cc:     davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for
 802.1X)

On Thu, Feb 10, 2022 at 10:07:09AM +0100, Hans Schultz wrote:
> On ons, feb 09, 2022 at 18:31, Ido Schimmel <idosch@...sch.org> wrote:
> > On Wed, Feb 09, 2022 at 02:05:32PM +0100, Hans Schultz wrote:
> >> This series starts by adding support for SA filtering to the bridge,
> >> which is then allowed to be offloaded to switchdev devices. Furthermore
> >> an offloading implementation is supplied for the mv88e6xxx driver.
> >
> > [...]
> >
> >> Hans Schultz (5):
> >>   net: bridge: Add support for bridge port in locked mode
> >>   net: bridge: Add support for offloading of locked port flag
> >>   net: dsa: Add support for offloaded locked port flag
> >>   net: dsa: mv88e6xxx: Add support for bridge port locked mode
> >>   net: bridge: Refactor bridge port in locked mode to use jump labels
> >
> > I think it is a bit weird to add a static key for this option when other
> > options (e.g., learning) don't use one. If you have data that proves
> > it's critical, then at least add it in patch #1 where the new option is
> > introduced.
> 
> Do you suggest that I drop patch #5 as I don't have data that it is
> critical?

Yes. That way all the bridge options are consistent. In the future, if
someone reports a performance degradation (unlikely), all the options
can be converted to use a static key.

> 
> >
> > Please add a selftest under tools/testing/selftests/net/forwarding/. It
> > should allow you to test both the SW data path with veth pairs and the
> > offloaded data path with loopbacks. See tools/testing/selftests/net/forwarding/README
> 
> I will do that.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ