Open Source and information security mailing list archives
 
Date: Sun, 1 Oct 2023 23:21:24 +0200
From: Vincent Bernat <vincent@...nat.ch>
To: Eric Dumazet <edumazet@...gle.com>, Alce Lafranque <alce@...ranque.net>
Cc: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski
 <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 David Ahern <dsahern@...nel.org>, Ido Schimmel <idosch@...dia.com>,
 netdev@...r.kernel.org
Subject: Re: [PATCH net-next] vxlan: add support for flowlabel inherit

On 2023-09-30 17:29, Eric Dumazet wrote:

>> $ ./ip/ip link add vxlan1 type vxlan id 100 flowlabel inherit remote 2001:db8::1 local 2001:db8::2
> 
> Side question: How can "flowlabel inherit" be turned off later
> with an "ip link change ..." ?
> 
> It seems vxlan_nl2flag() would always turn it 'on' for NLA_FLAG type :
> 
> if (vxlan_policy[attrtype].type == NLA_FLAG)
>      flags = conf->flags | mask;  // always turn on
> else if (nla_get_u8(tb[attrtype]))    // dead code for NLA_FLAG
>      flags = conf->flags | mask;
> else
>      flags = conf->flags & ~mask;
> 
> conf->flags = flags;

Most "flags" in vxlan module cannot be changed (see 
vxlan_flag_attr_error()).

IFLA_VXLAN_TTL_INHERIT seems to be the only one using NLA_FLAG. All the 
others are using NLA_U8 and in iproute2, they use XXXX and noXXXX option 
style. I suppose it makes sense to do it this way if you don't know what 
the default value is.

For IFLA_VXLAN_TTL_INHERIT, iproute2 treats it as a u8 when reading, but 
as a flag when writing. I don't know if it makes sense to turn it into a 
true flag or if it would be considered as breaking userspace? iproute2 
would be OK, but I suppose that another piece of userland could have put 
the attribute with a value of 0.

For IFLA_VXLAN_LABEL_INHERIT, we can use a proper flag from the start.
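
The NLA_FLAG versus NLA_U8 behaviour discussed in this message, as an added example: a userspace C model of the quoted branch logic, not kernel or iproute2 code and not part of the original post. `apply_attr`, `struct attr`, `can_clear` and `F_INHERIT` are hypothetical names, and leaving the flags untouched when the attribute is absent is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
enum attr_type { ATTR_FLAG, ATTR_U8 };  /* stand-ins for NLA_FLAG / NLA_U8 */

struct attr {
    bool present;    /* was the attribute included in the request? */
    uint8_t value;   /* payload; carries no meaning for ATTR_FLAG */
};

#define F_INHERIT 0x1u  /* constructed flag bit for the demonstration */

/* Mirrors the branch structure quoted from vxlan_nl2flag(). */
static uint32_t apply_attr(uint32_t flags, uint32_t mask,
                           enum attr_type type, struct attr a)
{
    if (!a.present)
        return flags;          /* assumption: absent attribute changes nothing */
    if (type == ATTR_FLAG)
        return flags | mask;   /* presence is the only signal: always on */
    if (a.value)
        return flags | mask;   /* u8 != 0: turn on */
    return flags & ~mask;      /* u8 == 0: turn off */
}

/* Can any "change" request clear a bit that is already set? */
static bool can_clear(enum attr_type type)
{
    struct attr absent = { false, 0 };
    struct attr zero = { true, 0 };

    return apply_attr(F_INHERIT, F_INHERIT, type, absent) == 0 ||
           apply_attr(F_INHERIT, F_INHERIT, type, zero) == 0;
}

int main(void)
{
    struct attr zero = { true, 0 };

    printf("u8 attribute can clear the bit:   %d\n", can_clear(ATTR_U8));
    printf("flag attribute can clear the bit: %d\n", can_clear(ATTR_FLAG));
    /* A sender that puts a 0 payload in a flag-typed attribute still sets it. */
    printf("flag-typed attribute with value 0 -> flags=%u\n",
           (unsigned)apply_attr(0, F_INHERIT, ATTR_FLAG, zero));
    return 0;
}
```

In this model a flag-typed attribute has no encoding for "off", which is why the u8-backed options get the XXXX/noXXXX pair on the command line.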

