| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yl/badQSLevmpxcr@Laptop-X1>
Date: Wed, 20 Apr 2022 18:07:37 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: Marcelo Ricardo Leitner <mleitner@...hat.com>
Cc: Eyal Birger <eyal.birger@...il.com>, netdev@...r.kernel.org,
jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
davem@...emloft.net, kuba@...nel.org, ahleihel@...hat.com,
dcaratti@...hat.com, aconole@...hat.com, roid@...dia.com,
Shmulik Ladkani <shmulik.ladkani@...il.com>
Subject: Re: [PATCH net] net: sched: act_mirred: Reset ct info when
mirror/redirect skb
On Tue, Apr 19, 2022 at 09:14:38PM +0300, Eyal Birger wrote:
> >
> > I guess I can understand why the reproducer triggers it, but I fail to
> > see the actual use case you have behind it. Can you please elaborate
> > on it?
>
> One use case we use mirred egress->ingress redirect for is when we want to
> reroute a packet after applying some change to the packet which would affect
> its routing. for example consider a bpf program running on tc ingress (after
> mirred) setting the skb->mark based on some criteria.
>
> So you have something like:
>
> packet routed to dummy device based on some criteria ->
> mirred redirect to ingress ->
> classification by ebpf logic at tc ingress ->
> packet routed again
>
> We have a setup where DNAT is performed before this flow in that case the
> ebpf logic needs to see the packet after the NAT.
Hi Marcelo,
Thanks for taking care of this. Would you help following up this issue as
you are more familiar with net sched?
Thanks
Hangbin
Powered by blists - more mailing lists