Message-ID: <aWZgos3epThP36en@strlen.de>
Date: Tue, 13 Jan 2026 16:11:30 +0100
From: Florian Westphal <fw@...len.de>
To: Lorenzo Bianconi <lorenzo@...nel.org>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
	Jozsef Kadlecsik <kadlec@...filter.org>, Phil Sutter <phil@....cc>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, David Ahern <dsahern@...nel.org>,
	Shuah Khan <shuah@...nel.org>, netfilter-devel@...r.kernel.org,
	coreteam@...filter.org, netdev@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: Re: [PATCH nf-next v2 1/4] netfilter: Introduce tunnel metadata info
 in nf_flowtable_ctx struct

Lorenzo Bianconi <lorenzo@...nel.org> wrote:
> This is a preliminary patch to introduce IP6IP6 flowtable acceleration.

Would you mind extending this a little bit?
AFAICS this prepares for IP6IP6 by removing the 'it's ipv4'
assumptions resp. adding needed 'it's ipv4' checks:
no ipv6 support is added here.

> Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
> ---
>  net/netfilter/nf_flow_table_ip.c | 80 ++++++++++++++++++++++------------------
>  1 file changed, 44 insertions(+), 36 deletions(-)
> 
> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
> index e128b0fe9a7bf50b458df9940d629ea08c521871..14c01b59f76569170057d2465ee5953efb557bcc 100644
> --- a/net/netfilter/nf_flow_table_ip.c
> +++ b/net/netfilter/nf_flow_table_ip.c
> @@ -142,7 +142,18 @@ static bool ip_has_options(unsigned int thoff)
>  	return thoff != sizeof(struct iphdr);
>  }
>  
> -static void nf_flow_tuple_encap(struct sk_buff *skb,
> +struct nf_flowtable_ctx {
> +	const struct net_device	*in;
> +	u32			offset;
> +	u32			hdrsize;
> +	struct {
> +		u32 offset;
> +		u8 proto;
> +	} tun;
> +};
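
Review bot: struct nf_flowtable_ctx has two members named offset (the top-level one and tun.offset) and none of its members carries a comment, so the definition alone does not say which header each offset refers to or what it is measured from. A kernel-doc block above the struct stating the base and target of offset, hdrsize and tun.offset, and which protocol numbering tun.proto holds, would remove the ambiguity; giving one of the two offsets a distinct name (for example tun.hdr_offset, a suggested name only) would also keep them from being mixed up at call sites.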

Could you add comments for the members here?

In particular, we now have @offset and @tun.offset.

I can guess that the offset is the start of the inner
ip header and tun.offset is the start of the header
following the inner ip header.

This patch would perhaps be easier to review if the
pure move of the ctx structure and passing the extra
'ctx' arg would be in a separate patch.
