| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 30 Sep 2007 17:38:28 +0200 From: Patrick McHardy <kaber@...sh.net> To: Herbert Xu <herbert@...dor.apana.org.au> CC: David Miller <davem@...emloft.net>, hadi@...erus.ca, netdev@...r.kernel.org, kuznet@....inr.ac.ru Subject: Re: [PKT_SCHED]: Add stateless NAT Herbert Xu wrote: > On Sun, Sep 30, 2007 at 08:26:01AM +0800, Herbert Xu wrote: > >>Indeed. The only other case I can think of is defragmentation. >>But even there we should be able to squeeze it into the original >>skb :) > > > OK it won't be pretty but it's definitely doable. We simply > swap the contents of that skb with the head skb that would've > otherwise been returned. > > If this is the only place in netfilter where we need to modify > *pskb then I think it's worthwhile. > > So the question is are there any other places that we haven't > covered which also needs to change *pskb? >From a quick look it seems at least IPv4 and IPv6 don't need to change the skb anywhere else. It seems to be necessary for bridging though to unshare the skb. OTOH br_netfilter.c already unshares the skb for IPv4 and IPv6, so we could simply do this unconditionally before calling the hooks. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists