| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jun 2012 10:29:19 +0800 From: Changli Gao <xiaosuo@...il.com> To: David Miller <davem@...emloft.net> Cc: subramanian.vijay@...il.com, netdev@...r.kernel.org, shemminger@...tta.com, eric.dumazet@...il.com, alexander.h.duyck@...el.com Subject: Re: [PATCH net-next] udp: Add socket early demux support On Wed, Jun 27, 2012 at 5:34 AM, David Miller <davem@...emloft.net> wrote: > > You can't do this. > > If the UDP socket has wildcards, that means the source address of the > route will not be validated. This means we will start accepting > spoofed packets. It also means the route you are caching is going > to be the wrong route since the keys are variable. > > You can only do an early demux where all the keys are fully specified > and there are no wildcards. That why for TCP we only early demux for > established sockets. How about implementing the whole early demux infrastructure on iptables/netfilter like rpfilter and TPROXY, then users have more controls. -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists