From: Florian Westphal <fw@strlen.de>
To: Ursula Braun <ubraun@linux.vnet.ibm.com>
Cc: David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, linux-s390@vger.kernel.org,
jwi@linux.vnet.ibm.com, schwidefsky@de.ibm.com,
heiko.carstens@de.ibm.com, raspl@linux.vnet.ibm.com,
hwippel@linux.vnet.ibm.com
Subject: Re: [PATCH net-next 1/1] net/smc: add SMC rendezvous protocol
Date: Thu, 12 Oct 2017 13:14:29 +0200
Message-ID: <20171012111429.GG26835@breakpoint.cc>
In-Reply-To: <b37b38df-cbb8-ca86-d460-9d3ec7acc2c6@linux.vnet.ibm.com>

Ursula Braun <ubraun@linux.vnet.ibm.com> wrote:
> On 10/11/2017 11:06 PM, David Miller wrote:
> > From: Ursula Braun <ubraun@linux.vnet.ibm.com>
> > Date: Tue, 10 Oct 2017 16:14:19 +0200
> >
> >> The goal of this patch is to leave common TCP code unmodified. Thus,
> >> it uses netfilter hooks to intercept TCP SYN and SYN/ACK
> >> packets. For outgoing packets originating from SMC sockets, the
> >> experimental option is added. For inbound packets destined for SMC
> >> sockets, the experimental option is checked.
> >
> > I think this really isn't going to pass.
> >
> > It's a user experience nightmare when the kernel inserts and
> > deletes filtering rules outside of what the user configures
> > on their system.

It depends if the hook is passive or not (i.e. mangles
payload/metadata or returns verdict other than NF_ACCEPT).

OUTPUT hook added here is not passive as it mangles tcp options.

> > This approach was also considered for ipv6 ILA, and the same
> > pushback was given.

ahem.

net/ipv6/ila/ila_xlat.c: err = nf_register_net_hooks(net, ila_nf_hook_ops,

FWIW at least the input hook seems ok to me provided it would use
skb_header_pointer for tcp header access (there is no guarantee
tcp_hdr() works or that the tcp header has been sanity checked in any
way).

Perhaps it's time to consider moving net/netfilter/core.c into net/core
and rename NF_HOOK to NET_HOOK?
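
Added example, not part of the original message or of the SMC patch: a userspace C sketch of the bounds-checked access asked for on the input path, where hdr_ptr() stands in for skb_header_pointer() and every read of the TCP header and options is checked against the packet length first. The names hdr_ptr and smc_syn_has_option are hypothetical; option kind 254 (RFC 6994) and the 4-byte identifier (RFC 7609) are assumptions, since the thread only says "experimental option".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_EXP 254 /* assumption: RFC 6994 experimental option kind */
static const uint8_t smc_magic[4] = { 0xE2, 0xD4, 0xC3, 0xD9 }; /* assumption: RFC 7609 */
/* Userspace stand-in for skb_header_pointer(): copy out len bytes at off,
 * or return NULL when the packet does not contain that whole range. */
static const uint8_t *hdr_ptr(const uint8_t *pkt, size_t pkt_len,
                              size_t off, size_t len, uint8_t *buf)
{
    if (off > pkt_len || len > pkt_len - off)
        return NULL;
    memcpy(buf, pkt + off, len);
    return buf;
}

/* 1: SYN carries the option, 0: it does not, -1: truncated or malformed. */
int smc_syn_has_option(const uint8_t *pkt, size_t pkt_len, size_t thoff)
{
    uint8_t th[20], opts[40];
    const uint8_t *h = hdr_ptr(pkt, pkt_len, thoff, sizeof(th), th), *o;
    size_t doff, optlen, i = 0;
    if (!h || (doff = (size_t)(h[12] >> 4) * 4) < sizeof(th))
        return -1;                       /* short packet or bogus data offset */
    if (!(h[13] & 0x02))                 /* SYN flag not set */
        return 0;
    optlen = doff - sizeof(th);          /* 0..40, always fits opts[] */
    if (!(o = hdr_ptr(pkt, pkt_len, thoff + sizeof(th), optlen, opts)))
        return -1;                       /* header claims options the packet lacks */
    while (i < optlen && o[i] != TCPOPT_EOL) {
        if (o[i] == TCPOPT_NOP) { i++; continue; }
        if (optlen - i < 2 || o[i + 1] < 2 || o[i + 1] > optlen - i)
            return -1;                   /* length byte missing or lying */
        if (o[i] == TCPOPT_EXP && o[i + 1] == 6 && !memcmp(o + i + 2, smc_magic, 4))
            return 1;
        i += o[i + 1];
    }
    return 0;
}

int main(void)
{
    /* Constructed SYN: data offset 7 words, options NOP NOP EXP(len 6) + identifier. */
    uint8_t p[28] = { [12] = 0x70, 0x02, [20] = 1, 1, 254, 6, 0xE2, 0xD4, 0xC3, 0xD9 };
    printf("full=%d truncated=%d\n", smc_syn_has_option(p, 28, 0), smc_syn_has_option(p, 24, 0));
}
```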