Date: Thu, 12 Oct 2017 23:06:34 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: fw@...len.de
Cc: ubraun@...ux.vnet.ibm.com, netdev@...r.kernel.org, linux-s390@...r.kernel.org, jwi@...ux.vnet.ibm.com, schwidefsky@...ibm.com, heiko.carstens@...ibm.com, raspl@...ux.vnet.ibm.com, hwippel@...ux.vnet.ibm.com
Subject: Re: [PATCH net-next 1/1] net/smc: add SMC rendezvous protocol

From: Florian Westphal <fw@...len.de>
Date: Thu, 12 Oct 2017 13:14:29 +0200

> Ursula Braun <ubraun@...ux.vnet.ibm.com> wrote:
>> On 10/11/2017 11:06 PM, David Miller wrote:
>> > From: Ursula Braun <ubraun@...ux.vnet.ibm.com>
>> > Date: Tue, 10 Oct 2017 16:14:19 +0200
>> >
>> >> The goal of this patch is to leave common TCP code unmodified. Thus,
>> >> it uses netfilter hooks to intercept TCP SYN and SYN/ACK
>> >> packets. For outgoing packets originating from SMC sockets, the
>> >> experimental option is added. For inbound packets destined for SMC
>> >> sockets, the experimental option is checked.
>> >
>> > I think this really isn't going to pass.
>> >
>> > It's a user experience nightmare when the kernel inserts and
>> > deletes filtering rules outside of what the user configures
>> > on their system.
>
> It depends if the hook is passive or not (i.e. mangles
> payload/metadata or returns verdict other than NF_ACCEPT).
>
> OUTPUT hook added here is not passive as it mangles tcp options.
>
>> > This approach was also considered for ipv6 ILA, and the same
>> > pushback was given.
>
> ahem.
> net/ipv6/ila/ila_xlat.c: err = nf_register_net_hooks(net, ila_nf_hook_ops,

My bad, I thought we had decided against that.

Oh well.