Date: Sun, 22 Jun 2008 04:59:16 +0400
From: Alexey Dobriyan <adobriyan@...il.com>
To: kaber@...sh.net
Cc: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, den@...nvz.org, xemul@...nvz.org, ebiederm@...ssion.com, benjamin.thery@...l.net, dlezcano@...ibm.com
Subject: [PATCH 00/25] Conntracking and NAT in netns

Hi,

patchbomb below makes significant parts of connection tracking and NAT code usable in netns and independent from other netns.

Status is that it is lightly tested but more or less works, I used it on a box which provides NAT for another with all netdevices moved to netns, routing and iptables rules set up and rules flushed in init_net. So far so good.

Weak points:
a) races during netns destruction or conntrack modules unload (see more in patches)
b) grabbing netns from skb->dev or skb->dst->dev
   these places should be checked with extreme scrutiny :-\
c) some stuff not converted (pptp, h323) -- it's like 10 minutes to make a patch and full day to set up and test it :^)
d) IPv6 conntracking wasn't tested.
e) ordering probably should be redone (or it shouldn't since netfilter is banned in netns as is, so nobody will care)