lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Dec 2022 15:33:09 +0200 From: Ido Schimmel <idosch@...dia.com> To: Nikolay Aleksandrov <razor@...ckwall.org> Cc: netdev@...r.kernel.org, bridge@...ts.linux-foundation.org, davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, edumazet@...gle.com, roopa@...dia.com, mlxsw@...dia.com Subject: Re: [PATCH net-next 09/14] bridge: mcast: Add support for (*, G) with a source list and filter mode On Fri, Dec 09, 2022 at 09:41:05AM +0200, Nikolay Aleksandrov wrote: > On 08/12/2022 17:28, Ido Schimmel wrote: > > In preparation for allowing user space to add (*, G) entries with a > > source list and associated filter mode, add the necessary plumbing to > > handle such requests. > > > > Extend the MDB configuration structure with a currently empty source > > array and filter mode that is currently hard coded to EXCLUDE. > > > > Add the source entries and the corresponding (S, G) entries before > > making the new (*, G) port group entry visible to the data path. > > > > Handle the creation of each source entry in a similar fashion to how it > > is created from the data path in response to received Membership > > Reports: Create the source entry, arm the source timer (if needed), add > > a corresponding (S, G) forwarding entry and finally mark the source > > entry as installed (by user space). > > > > Add the (S, G) entry by populating an MDB configuration structure and > > calling br_mdb_add_group_sg() as if a new entry is created by user > > space, with the sole difference that the 'src_entry' field is set to > > make sure that the group timer of such entries is never armed. > > > > Note that it is not currently possible to add more than 32 source > > entries to a port group entry. If this proves to be a problem we can > > either increase 'PG_SRC_ENT_LIMIT' or avoid forcing a limit on entries > > created by user space. > > > > That can be tricky wrt EHT. If the limit is increased we have to consider the > complexity and runtime, we might have to optimize it. In practice I think it's > rare to have so many sources, but evpn might change that. :) Yea, we don't currently have data as to whether this limit is OK or not. Once we do we can make a more informed decision. Some options: 1. Slightly increase the current limit. 2. Remove the limit and move to an RB tree instead of a list. 3. Only install (*, G) EXCLUDE entries on the VXLAN port and let the VXLAN MDB do more fine-grained filtering. > > > Signed-off-by: Ido Schimmel <idosch@...dia.com> > > --- > > > > Notes: > > v1: > > * Use an array instead of a list to store source entries. > > > > net/bridge/br_mdb.c | 128 +++++++++++++++++++++++++++++++++++++++- > > net/bridge/br_private.h | 7 +++ > > 2 files changed, 132 insertions(+), 3 deletions(-) > > > > Acked-by: Nikolay Aleksandrov <razor@...ckwall.org> Thanks!
Powered by blists - more mailing lists