lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Sep 2022 17:16:15 +0000
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     Petr Machata <petrm@...dia.com>
CC:     "Daniel.Machon@...rochip.com" <Daniel.Machon@...rochip.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "Allan.Nielsen@...rochip.com" <Allan.Nielsen@...rochip.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "maxime.chevallier@...tlin.com" <maxime.chevallier@...tlin.com>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "thomas.petazzoni@...tlin.com" <thomas.petazzoni@...tlin.com>
Subject: Re: [RFC PATCH net-next 2/2] net: dcb: add new apptrust attribute

On Mon, Sep 12, 2022 at 06:30:08PM +0200, Petr Machata wrote:
> 
> <Daniel.Machon@...rochip.com> writes:
> 
> > Den Fri, Sep 09, 2022 at 12:29:50PM +0000 skrev Vladimir Oltean:
> >
> >> Let's say I have a switch which only looks at VLAN PCP/DEI if the bridge
> >> vlan_filtering setting is enabled (otherwise, the switch is completely
> >> VLAN unaware, including for QoS purposes).
> >> 
> >> Would it be ok to report through ieee_getapptrust() that the PCP
> >> selector is trusted when under a vlan_filtering bridge, not trusted when
> >> not under a vlan_filtering bridge, and deny changes to ieee_setapptrust()
> >> for the PCP selector? I see the return value is not cached anywhere
> >> within the kernel, just passed to the user.
> >
> > Therefore, in your particular case, with the vlan_filtering on/off,
> > yes that would be OK IMO. Any concerns?
> 
> Yeah, it would make sense to me. With the 802.1q bridge, the reported
> trust level would be [PCP], with 802.1d it would be [].
> 
> As a service to the user, I would accept set requests that just reassert
> the only valid configuration, but otherwise it sounds OK to me.

This sounds good to me too.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ