lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAF=yD-Jah3+1Sj3-Us72fKNu-__sg7pNb+-kC_knAV=iTHAitQ@mail.gmail.com>
Date: Wed, 28 Jan 2026 21:06:22 -0800
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: Paolo Abeni <pabeni@...hat.com>, davem@...emloft.net, edumazet@...gle.com, 
	kuba@...nel.org, horms@...nel.org, andrew+netdev@...n.ch, 
	netdev@...r.kernel.org, xiyou.wangcong@...il.com, jiri@...nulli.us, 
	victor@...atatu.com, dcaratti@...hat.com, lariel@...dia.com, 
	daniel@...earbox.net, pablo@...filter.org, kadlec@...filter.org, fw@...len.de, 
	phil@....cc, netfilter-devel@...r.kernel.org, coreteam@...filter.org, 
	zyc199902@...omail.cn, lrGerlinde@...lfence.com, jschung2@...ton.me
Subject: Re: [PATCH net 0/6] net/sched: Fix packet loops in mirred and netem

On Thu, Jan 15, 2026 at 6:33 AM Jamal Hadi Salim <jhs@...atatu.com> wrote:
>
> On Thu, Jan 15, 2026 at 5:23 AM Paolo Abeni <pabeni@...hat.com> wrote:
> >
> > On 1/11/26 5:39 PM, Jamal Hadi Salim wrote:
> > > We introduce a 2-bit global skb->ttl counter.Patch #1 describes how we puti
> > > together those bits. Patches #2 and patch #5 use these bits.
> > > I added Fixes tags to patch #1 in case it is useful for backporting.
> > > Patch #3 and #4 revert William's earlier netem commits. Patch #6 introduces
> > > tdc test cases.
> >
> > Generally speaking I think that a more self-encapsulated solution should
> > be preferable.
> >
>
> I dont see a way to do that with mirred. I am more than happy if
> someone else solves that issue or gives me an idea how to.

It might be informative that there used to be a redirect ttl field. I
removed it as part of tc_verd in commit aec745e2c520 ("net-tc: remove
unused tc_verd fields"). It was already unused by that time. The
mechanism was removed earlier in commit c19ae86a510c ("tc: remove
unused redirect ttl").

The IFB specific redirect logic remains (tc_at_ingress,
tc_skip_classify, from_ingress, redirected). Maybe some of those bits
can be used more efficiently. The cover letter for commit aec745e2c520
had a few suggestions [1].

Another redirect limit we have is XMIT_RECURSION_LIMIT. Though this
assumes running in a single call stack. BPF redirect uses it as of
commit a70b506efe89 ("bpf: enforce recursion limit on redirects"). For
tx. Rx takes netif_rx, so enqueue_to_backlog. So it does not seem that
this can address the entire request.

[1] https://lists.openwall.net/netdev/2017/01/07/92

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ