lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 9 Dec 2022 09:53:55 +0200
From:   Nikolay Aleksandrov <razor@...ckwall.org>
To:     Ido Schimmel <idosch@...dia.com>, netdev@...r.kernel.org,
        bridge@...ts.linux-foundation.org
Cc:     davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
        edumazet@...gle.com, roopa@...dia.com, mlxsw@...dia.com
Subject: Re: [PATCH net-next 11/14] bridge: mcast: Allow user space to specify
 MDB entry routing protocol

On 08/12/2022 17:28, Ido Schimmel wrote:
> Add the 'MDBE_ATTR_RTPORT' attribute to allow user space to specify the
> routing protocol of the MDB port group entry. Enforce a minimum value of
> 'RTPROT_STATIC' to prevent user space from using protocol values that
> should only be set by the kernel (e.g., 'RTPROT_KERNEL'). Maintain
> backward compatibility by defaulting to 'RTPROT_STATIC'.
> 
> The protocol is already visible to user space in RTM_NEWMDB responses
> and notifications via the 'MDBA_MDB_EATTR_RTPROT' attribute.
> 
> The routing protocol allows a routing daemon to distinguish between
> entries configured by it and those configured by the administrator. Once
> MDB flush is supported, the protocol can be used as a criterion
> according to which the flush is performed.
> 
> Examples:
> 
>  # bridge mdb add dev br0 port dummy10 grp 239.1.1.1 permanent proto kernel
>  Error: integer out of range.
> 
>  # bridge mdb add dev br0 port dummy10 grp 239.1.1.1 permanent proto static
> 
>  # bridge mdb add dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.1 permanent proto zebra
> 
>  # bridge mdb add dev br0 port dummy10 grp 239.1.1.2 permanent source_list 198.51.100.1,198.51.100.2 filter_mode include proto 250
> 
>  # bridge -d mdb show
>  dev br0 port dummy10 grp 239.1.1.2 src 198.51.100.2 permanent filter_mode include proto 250
>  dev br0 port dummy10 grp 239.1.1.2 src 198.51.100.1 permanent filter_mode include proto 250
>  dev br0 port dummy10 grp 239.1.1.2 permanent filter_mode include source_list 198.51.100.2/0.00,198.51.100.1/0.00 proto 250
>  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.1 permanent filter_mode include proto zebra
>  dev br0 port dummy10 grp 239.1.1.1 permanent filter_mode exclude proto static
> 
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
> 
> Notes:
>     v1:
>     * Reject protocol for host entries.
> 
>  include/uapi/linux/if_bridge.h |  1 +
>  net/bridge/br_mdb.c            | 15 +++++++++++++--
>  net/bridge/br_private.h        |  1 +
>  3 files changed, 15 insertions(+), 2 deletions(-)
> 

Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ