lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zs88pbEadxLWLLbn@gmail.com>
Date: Wed, 28 Aug 2024 08:05:09 -0700
From: Breno Leitao <leitao@...ian.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: fw@...len.de, davem@...emloft.net, edumazet@...gle.com,
	pabeni@...hat.com, Pablo Neira Ayuso <pablo@...filter.org>,
	Jozsef Kadlecsik <kadlec@...filter.org>,
	David Ahern <dsahern@...nel.org>, Shuah Khan <shuah@...nel.org>,
	rbc@...a.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	netfilter-devel@...r.kernel.org,
	"open list:NETFILTER" <coreteam@...filter.org>,
	"open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH nf-next v3 1/2] netfilter: Make IP_NF_IPTABLES_LEGACY
 selectable

Hello Jakub,

On Wed, Aug 28, 2024 at 07:42:40AM -0700, Jakub Kicinski wrote:
> On Tue, 27 Aug 2024 07:52:40 -0700 Breno Leitao wrote:
> > +++ b/tools/testing/selftests/net/config
> 
> You gotta check all the configs, net is now fine, but bpf still breaks.
> There may be more configs we don't use in CI.

Sure, how can I find which configs I should care about?

> BTW I'm not saying anything about the change itself. There's a non-zero
> chance that netfilter maintainers made the option hidden on purpose..

Right, but it seems there was a plan to have it enabled in the future,
as least that is what I read in a9525c7f6219c ("netfilter: xtables:
allow xtables-nft only builds")

	In the future the _LEGACY symbol will become visible and the select
	statements will be turned into 'depends on', but for now be on safe side
	so "make oldconfig" won't break things.


Also, this was discussed in the thread below, and it seems it is fine to
make the symbols visible:

https://lore.kernel.org/all/20240822132022.GA25665@breakpoint.cc/

Thanks for the review,
--breno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ