lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <41eb417e-60ea-4e1d-a293-fac362d52403@gmail.com>
Date: Tue, 8 Apr 2025 20:56:04 +0200
From: Eric Woudstra <ericwouds@...il.com>
To: Florian Westphal <fw@...len.de>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
 Jozsef Kadlecsik <kadlec@...filter.org>,
 Nikolay Aleksandrov <razor@...ckwall.org>, Ido Schimmel <idosch@...dia.com>,
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Simon Horman <horms@...nel.org>, netfilter-devel@...r.kernel.org,
 bridge@...ts.linux.dev, netdev@...r.kernel.org
Subject: Re: [PATCH v11 nf-next 1/2] netfilter: bridge: Add conntrack double
 vlan and pppoe



On 4/8/25 8:48 PM, Florian Westphal wrote:
> Eric Woudstra <ericwouds@...il.com> wrote:
>> The thing is, single vlan (802.1Q) can be conntracked without setting up
>> a zone. I've only added Q-in-Q, AD and PPPoE-in-Q. Since single Q (L2)

I forgot to mention only PPPoE here.

>> can be conntracked, I thought the same will apply to other L2 tags.
>>
>> So would single Q also need this restriction added in your opinion?
> 
> I think its too risky to add it now for single-Q case.

Indeed, this would be a regression. I will look into only adding the
restriction to the newly added tags. However, it is inconsistent, which
is the point I was trying making.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ