| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aWlxoaPA4D4-sMa1@lore-desk>
Date: Fri, 16 Jan 2026 00:00:49 +0100
From: Lorenzo Bianconi <lorenzo@...nel.org>
To: Florian Westphal <fw@...len.de>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>, Phil Sutter <phil@....cc>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>, David Ahern <dsahern@...nel.org>,
Shuah Khan <shuah@...nel.org>, netfilter-devel@...r.kernel.org,
coreteam@...filter.org, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH nf-next v2 1/4] netfilter: Introduce tunnel metadata info
in nf_flowtable_ctx struct
> Lorenzo Bianconi <lorenzo@...nel.org> wrote:
> > This is a preliminary patch to introduce IP6IP6 flowtable acceleration.
>
> Would you mind extending this a little bit?
> AFAICS this prepares for IP6IP6 by removing the 'its ipv4'
> assumptions resp. adding needed 'its ipv4' checks:
> no ipv6 support is added here.
ack, I will expand the commit log.
>
> > Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
> > ---
> > net/netfilter/nf_flow_table_ip.c | 80 ++++++++++++++++++++++------------------
> > 1 file changed, 44 insertions(+), 36 deletions(-)
> >
> > diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
> > index e128b0fe9a7bf50b458df9940d629ea08c521871..14c01b59f76569170057d2465ee5953efb557bcc 100644
> > --- a/net/netfilter/nf_flow_table_ip.c
> > +++ b/net/netfilter/nf_flow_table_ip.c
> > @@ -142,7 +142,18 @@ static bool ip_has_options(unsigned int thoff)
> > return thoff != sizeof(struct iphdr);
> > }
> >
> > -static void nf_flow_tuple_encap(struct sk_buff *skb,
> > +struct nf_flowtable_ctx {
> > + const struct net_device *in;
> > + u32 offset;
> > + u32 hdrsize;
> > + struct {
> > + u32 offset;
> > + u8 proto;
> > + } tun;
> > +};
>
> Could you add comments for the members here?
ack, I will do.
>
> In particular, we now have @offset and @tun.offset.
>
> I can guess that the offset is the start of the inner
> ip header and tun.offset is the start of the header
> following the inner ip header.
ack, right.
>
> This patch would perhaps be easier to review if the
> pure move of the ctx structure and passing the extra
> 'ctx' arg would be in a separate patch.
Ack I will do in v3.
Regards,
Lorenzo
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists