| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Apr 2023 10:35:47 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Emeel Hakim <ehakim@...dia.com>
Cc: "davem@...emloft.net" <davem@...emloft.net>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"leon@...nel.org" <leon@...nel.org>
Subject: Re: [PATCH net-next v4 5/5] macsec: Add MACsec rx_handler change
support
2023-04-13, 06:38:12 +0000, Emeel Hakim wrote:
>
>
> > -----Original Message-----
> > From: Sabrina Dubroca <sd@...asysnail.net>
> > Sent: Wednesday, 12 April 2023 17:59
> > To: Emeel Hakim <ehakim@...dia.com>
> > Cc: davem@...emloft.net; kuba@...nel.org; pabeni@...hat.com;
> > edumazet@...gle.com; netdev@...r.kernel.org; leon@...nel.org
> > Subject: Re: [PATCH net-next v4 5/5] macsec: Add MACsec rx_handler change
> > support
> >
> > External email: Use caution opening links or attachments
> >
> >
> > 2023-04-08, 13:57:35 +0300, Emeel Hakim wrote:
> > > Offloading device drivers will mark offloaded MACsec SKBs with the
> > > corresponding SCI in the skb_metadata_dst so the macsec rx handler
> > > will know to which interface to divert those skbs, in case of a marked
> > > skb and a mismatch on the dst MAC address, divert the skb to the
> > > macsec net_device where the macsec rx_handler will be called.
> >
> > Quoting my reply to v2:
> >
> > ========
> >
> > Sorry, I don't understand what you're trying to say here and in the subject line.
> >
> > To me, "Add MACsec rx_handler change support" sounds like you're changing
> > what function is used as ->rx_handler, which is not what this patch is doing.
> >
> > ========
>
> Sorry that I missed it.
> what do you think of "Don't rely solely on the dst MAC address for skb diversion upon MACsec rx_handler change"
> is it good enough?
But there's no "change of rx_handler". You're just receiving the
packet on the macsec device. I don't understand what you're trying to
say with "change of rx_handler", but to me that's not describing this
patch at all. "change of rx_handler" would describe a patch that
modifies dev->rx_handler.
"Don't rely solely on the dst MAC address to identify destination
MACsec device" looks ok, and should be followed by an explanation:
- why the dst MAC address may not be enough
- why it's not needed when we have metadata
> > > @@ -1048,6 +1052,14 @@ static enum rx_handler_result
> > > handle_not_macsec(struct sk_buff *skb)
> > >
> > > __netif_rx(nskb);
> > > }
> > > +
> > > + if (md_dst && md_dst->type == METADATA_MACSEC &&
> > rx_sc_found) {
BTW, why did you choose to separate that from the previous if/else if?
> > > + skb->dev = ndev;
> > > + skb->pkt_type = PACKET_HOST;
> > > + ret = RX_HANDLER_ANOTHER;
> > > + goto out;
> > > + }
> > > +
> > > continue;
> > > }
--
Sabrina
Powered by blists - more mailing lists