lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 01 Apr 2010 08:34:16 -0400 From: jamal <hadi@...erus.ca> To: Timo Teräs <timo.teras@....fi> Cc: Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org Subject: Re: [RFC] SPD basic actions per netdev On Thu, 2010-04-01 at 15:10 +0300, Timo Teräs wrote: > On entry to ip_forward the routing decision has already been made. > Both oif and iif are valid on entry. ah, ok - yes;-> > Currently policy_check() uses oif for SPD matching. indeed it does. So i can see the dilemma with fwd path. It would be nice to be able to classify on both iif and oif. So that leaves only IN direction. If i only worried about that and use skb->skb_iif then at least i wont be breaking the semantics for FWD/OUT (i.e the patch without check for FWD). That would make semantics for selector ifindex as follows: table current patch ---------------------------- OUT fl->oif fl->oif FWD fl->oif fl->oif IN N/A skb->skb_iif By "N/A" it means really you cant set it. If you do it doesnt work. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists