lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ce7053c5-b06c-45e2-b0f0-eb1a33131853@blackwall.org>
Date: Mon, 24 Feb 2025 10:55:04 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Jordan Rife <jordan@...fe.io>, Daniel Borkmann <daniel@...earbox.net>
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, stephen@...workplumber.org,
 dsahern@...nel.org
Subject: Re: [PATCH iproute2] ip: link: netkit: Support scrub options

On 2/24/25 10:51, Nikolay Aleksandrov wrote:
> On 2/22/25 22:41, Jordan Rife wrote:
>> Add "scrub" option to configure IFLA_NETKIT_SCRUB and
>> IFLA_NETKIT_PEER_SCRUB when setting up a link. Add "scrub" and
>> "peer scrub" to device details as well when printing.
>>
>> $ sudo ./ip/ip link add jordan type netkit scrub default peer scrub none
>> $ ./ip/ip -details link show jordan
>> 43: jordan@nk0: <BROADCAST,MULTICAST,NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
>>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
>>     netkit mode l3 type primary policy forward peer policy forward scrub default peer scrub none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 524280 tso_max_segs 65535 gro_max_size 65536 gso_ipv4_max_size 65536 gro_ipv4_max_size 65536
>>
>> Link: https://lore.kernel.org/netdev/20241004101335.117711-1-daniel@iogearbox.net/
>>
>> Signed-off-by: Jordan Rife <jordan@...fe.io>
>> ---
>>  ip/iplink_netkit.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
>>  1 file changed, 45 insertions(+), 1 deletion(-)
>>
> 
> Patch looks good to me, since this is a new feature perhaps it should
> target iproute2-next. Thanks!
> 
> Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>
> 

Aargh, just noticed one minor nit:
"Usage: ... %s [ mode MODE ] [ POLICY ] [scrub SCRUB] [ peer [ POLICY <options> ] ]\n"

The other options are surrounded by spaces but scrub isn't. If you're going to send v2
please add spaces for scrub as well.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ