| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Jun 2007 16:46:32 -0700 From: Ben Greear <greearb@...delatech.com> To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@....net> CC: Pavel Emelianov <xemul@...nvz.org>, Kirill Korotaev <dev@...nvz.org>, Linux Netdev List <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux Containers <containers@...ts.osdl.org>, Stephen Hemminger <shemminger@...ux-foundation.org>, Patrick McHardy <kaber@...sh.net> Subject: Re: [PATCH] Virtual ethernet tunnel (v.2) Carl-Daniel Hailfinger wrote: > On 08.06.2007 19:00, Ben Greear wrote: >> I have another sysfs patch that allows setting a default skb->mark for >> an interface so that you can set the skb->mark >> before it hits the connection tracking logic, but I'm been told this one >> has very little chance >> of getting into the kernel. The skb->mark patch is only useful (as far >> as I can tell) if you >> also include a patch Patrick McHardy did for me that allowed the >> conn-tracking logic to >> use skb->mark as part of it's tuple. This allows me to do NAT between >> virtual routers >> (routing tables) on the same machine using veth-equivalent drivers to >> connect the >> routers. He thinks this will probably not ever get into the kernel either. > > Are these patches available somewhere? I'm currently doing NAT between > virtual routers by some advanced iproute2/iptables trickery, but I have > no way to handle the occasional tuple conflict. A consolidated patch against 2.6.20.12 is here. It has a lot more than just the patches mentioned above, but it shouldn't hurt anything to have the whole patch applied: http://www.candelatech.com/oss/candela_2.6.20.patch The original patch for using skb->mark as a tuple was written by Patrick McHardy, and is here: http://www.candelatech.com/oss/skb_mark_conntrack.patch His patch merged with my patch to sysfs to set skb->mark on ingress is here: http://www.candelatech.com/oss/conntrack_mark_with_ssyctl.patch Thanks, Ben > > Regards, > Carl-Daniel -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists