Date: Tue, 29 Mar 2016 07:31:35 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Gilberto Bertin <gilberto.bertin@...il.com>
Cc: netdev@...r.kernel.org, tom@...bertland.com, markzzzsmith@...il.com
Subject: Re: [net-next RFC 0/4] SO_BINDTOPREFIX

On Wed, 2016-03-23 at 02:26 +0000, Gilberto Bertin wrote:
> Since the net-next window just opened, I'm resubmitting my RFC for the
> SO_BINDTOSUBNET patch, following Mark Smith's suggestion to rename the
> whole thing to a more clear SO_BINDTOPREFIX.

Please do not add such a monolithic option.

BPF is absolutely the way to go here, as it allows for whatever user
specified tweaks, like a list of destination subnetworks, or/and a list
of source networks, or the date/time of the day, or port knocking without
netfilter, or ... you name it.

Simply add an option to load a BPF filter on a socket, used to vary the
various compute_score() functions.

No hard coded knowledge in the kernel, but a generic interface.