Message-ID: <ZL+gHkLnLE91YBkS@shredder>
Date: Tue, 25 Jul 2023 13:12:46 +0300
From: Ido Schimmel <idosch@...sch.org>
To: Ratheesh Kannoth <rkannoth@...vell.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, jhs@...atatu.com,
	xiyou.wangcong@...il.com, jiri@...nulli.us, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com
Subject: Re: [PATCH net-next] flow_dissector: Add IPSEC dissectors

On Tue, Jul 25, 2023 at 08:54:51AM +0530, Ratheesh Kannoth wrote:
>  Support for dissecting IPSEC field SPI (which is
>  32 bits in size) for ESP and AH packets.
> 
>  This implementation does not support NAT-T
>  (encapsulation of ESP packets over UDP).
> 
> Signed-off-by: Ratheesh Kannoth <rkannoth@...vell.com>
> ---
>  include/net/flow_dissector.h |  9 ++++++
>  include/net/flow_offload.h   |  6 ++++
>  include/uapi/linux/pkt_cls.h |  3 ++
>  net/core/flow_dissector.c    | 53 +++++++++++++++++++++++++++++++++++-
>  net/core/flow_offload.c      |  7 +++++
>  net/sched/cls_flower.c       | 18 ++++++++++++

Please split flow dissector and flower changes into separate patches.
Also, you can't add the flow offload bits without a corresponding driver
change. Nobody calls the exported flow_rule_match_ipsec() function.

[...]

> diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
> index 7865f5a9885b..a90b0e3d351f 100644
> --- a/include/uapi/linux/pkt_cls.h
> +++ b/include/uapi/linux/pkt_cls.h
> @@ -594,6 +594,9 @@ enum {
>  
>  	TCA_FLOWER_KEY_L2TPV3_SID,	/* be32 */
>  
> +	TCA_FLOWER_KEY_SPI,		/* be32 */
> +	TCA_FLOWER_KEY_SPI_MASK,	/* be32 */
> +

This will break existing user space on new kernels. New attributes must
be added at the end.

>  	TCA_FLOWER_L2_MISS,		/* u8 */
>  
>  	TCA_FLOWER_KEY_CFM,		/* nested */
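
Review bot: TCA_FLOWER_KEY_SPI and TCA_FLOWER_KEY_SPI_MASK are inserted between TCA_FLOWER_KEY_L2TPV3_SID and TCA_FLOWER_L2_MISS in a uapi enum that has no explicit values, so TCA_FLOWER_L2_MISS and TCA_FLOWER_KEY_CFM each move up by two. A binary built against the old header would keep sending the number it knows as TCA_FLOWER_L2_MISS (u8), and a kernel with this hunk would read that number as TCA_FLOWER_KEY_SPI (be32). Append both new attributes after the last existing attribute in the enum so that every previously published value stays fixed.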
