lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM0EoMnSVQHyQy37OoznsF15+M84o7L2c6UwtKL1Fcuwev4rHA@mail.gmail.com>
Date: Fri, 5 Jan 2024 06:20:10 -0500
From: Jamal Hadi Salim <jhs@...atatu.com>
To: Eyal Birger <eyal.birger@...il.com>
Cc: Jakub Kicinski <kuba@...nel.org>, Stephen Hemminger <stephen@...workplumber.org>, netdev@...r.kernel.org, 
	Florian Westphal <fw@...len.de>, victor@...atatu.com
Subject: Re: [PATCH iproute2-next v2] remove support for iptables action

On Thu, Jan 4, 2024 at 9:33 PM Eyal Birger <eyal.birger@...il.com> wrote:
>
> Hi,
>
> On Thu, Jan 4, 2024 at 8:15 AM Jamal Hadi Salim <jhs@...atatu.com> wrote:
> >
> > On Thu, Jan 4, 2024 at 10:25 AM Jakub Kicinski <kuba@...nel.org> wrote:
> > >
> > > On Wed, 27 Dec 2023 12:25:24 -0500 Jamal Hadi Salim wrote:
> > > > On Tue, Dec 26, 2023 at 1:25 PM Stephen Hemminger
> > > > <stephen@...workplumber.org> wrote:
> > > > >
> > > > > There is an open upstream kernel patch to remove ipt action from
> > > > > kernel. This is corresponding iproute2 change.
> > > > >
> > > > >  - Remove support fot ipt and xt in tc.
> > > > >  - Remove no longer used header files.
> > > > >  - Update man pages.
> > > > >
> > > > > Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
> > > >
> > > > Does em_ipt need the m_xt*.c? Florian/Eyal can comment. Otherwise,
> > > > Reviewed-by: Jamal Hadi Salim <jhs@...atatu.com>
> > >
> > > Damn, I was waiting for Eyal to comment but you didn't CC
> > > either him or Florian 😆️
> > >
> > > Eyal, would it be possible for you to test if the latest
> > > net-next and iproute2 with this patch works for you?
> >
> > Sorry bout that. Also Florian (who wrote the code).
>
> I tested and it looks like the patch doesn't affect em_ipt, as expected.
>
> I did however run into a related issue while testing - seems that
> using the old "ingress" qdisc - that em_ipt iproute2 code still uses -
> isn't working, i.e:
>
> $ tc qdisc add dev ipsec1 ingress
> Error: Egress block dev insert failed.
>
> This seems to originate from recent commit 913b47d3424e
> ("net/sched: Introduce tc block netdev tracking infra").
>
> When I disabled that code in my build I was able to use em_ipt
> as expected.

Resolved in: https://lore.kernel.org/netdev/20240104125844.1522062-1-jiri@resnulli.us/
Eyal, if you have cycles please give it a try. Jakub, can we get that applied?

cheers,
jamal
> Eyal.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ