| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Oct 2011 00:04:06 -0400 (EDT) From: David Miller <davem@...emloft.net> To: zenczykowski@...il.com Cc: maze@...gle.com, netdev@...r.kernel.org Subject: Re: [PATCH] net: add sysctl allow_so_priority for SO_PRIORITY setsockopt From: Maciej Żenczykowski <zenczykowski@...il.com> Date: Fri, 21 Oct 2011 15:22:05 -0700 > From: Maciej Żenczykowski <maze@...gle.com> > > This change adds a sysctl (/proc/sys/net/core/allow_so_priority) > with a default of true (1), as such it does not change the default > behaviour of the Linux kernel. > > This sysctl can be set to false (0), this will result in non > CAP_NET_ADMIN processes being unable to set SO_PRIORITY socket > option. > > This is desireable if we want to rely on socket/skb priorities > being inferred from TOS/TCLASS bits. > > Signed-off-by: Maciej Żenczykowski <maze@...gle.com> The socket layer is not the place to enforce this. The ingress into your MPLS/RSVP cloud that actually provides the quality of service is where you control and mangle the TOS as needed. Sorry, I'm not applying anything like this. Any machine on your network can spit out any TOS it wants, and if you have control over the apps change it's behavior there. If you don't have control over the apps then filter and mangle. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists