lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Wed, 3 Nov 2010 17:25:55 -0300
From:	Luciano Ruete <lruete@...ure.com.ar>
To:	netdev@...r.kernel.org
Subject: Netfilter MARK on tc ingress and ifb redirect

Hi,

Im developing a FLOSS ISP solution based on iptables/tc/iproute2

2 stumbling blocks that I found in my path

1) It would be very usefull have this working

tc filter add dev eth0 parent :ffff ... action ipt -j CONNMARK --restore-mark

where :ffff is an ingress qdisc, i know that currently this is not working nor 
coded.
Is this anyhow in the sight or TODO list of the iproute2 developers to have 
connmark available in ingress?

If not, how complex will be to implement it? (ie: lines of code number)

2) For a technical reason we need to be able to do:

tc filter action mirred egress redirect dev ifbx

at least twice in the same qdisc tree or nested in the redirected ifb, now 
only the first filter matched returns. That was possible in (i think) pre 2.6.18 
kernels but changed to avoid an infinite loop.

Is there any chance to have that behavior back using a kernel flag or 
something? 

PD: Plz CC me i'm not suscribed (I try but never get the reply)

-- 
Luciano Ruete
Sequre - Sys Admin
Mitre 617, piso 7, of. 1 
+54 261 4254894
Mendoza - Argentina
http://www.sequre.com.ar/
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists