lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 28 Mar 2022 18:42:36 +0200
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Christophe Leroy <christophe.leroy@...roup.eu>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>, Paolo Abeni <pabeni@...hat.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "cake@...ts.bufferbloat.net" <cake@...ts.bufferbloat.net>
Subject: Re: [PATCH net-next] sch_cake: Take into account guideline
 DEF/DGSIC/36 from French Administration

Christophe Leroy <christophe.leroy@...roup.eu> writes:

> Le 28/03/2022 à 17:43, Toke Høiland-Jørgensen a écrit :
>> Christophe Leroy <christophe.leroy@...roup.eu> writes:
>> 
>>> French Administration has written a guideline that defines additional
>>> DSCP values for use in its networks.
>> 
>> Huh, that's interesting!
>> 
>>> Add new CAKE diffserv tables to take those new values into account
>>> and add CONFIG_NET_SCH_CAKE_DGSIC to select those tables instead of
>>> the default ones.
>> 
>> ...however I don't think we should be including something this
>> special-purpose into the qdisc kernel code, and certainly we shouldn't
>> have a config option that changes the meaning of the existing diffserv
>> keywords!
>
> By the way it doesn't really change meaning. Just enhances it indeed. 
> Because they are not changing the meaning of existing DSCP codes, just 
> adding new ones.

Ah, OK, but then it's even easier, you can just add rules for the new
values using the userspace options and let cake select the rest using
the existing code.

>> Rather, this is something that is best specified from userspace; and in
>> fact Cake already has no less than two different ways to do this: the
>> 'fwmark' option, and setting the skb->priority field. Have you tried
>> using those?
>
> No I have not. In fact I'm just discovering the subject after some 
> people told me "we are contractually required to apply this guideline, 
> please make sure Linux kernel supports it".
>
> I'll give 'fwmark' and/or skb->priority a try. Is there any 
> Documentation on that somewhere ?

Both are documented in the tc-cake man page.

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ