| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <474EB585.30407@balabit.hu> Date: Thu, 29 Nov 2007 13:50:13 +0100 From: Laszlo Attila Toth <panther@...abit.hu> To: Lutz Jaenicke <ljaenicke@...ominate.com>, David Miller <davem@...emloft.net>, Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: [PATCHv6 iptables]Interface group match Lutz Jaenicke írta: > On Tue, Nov 20, 2007 at 02:14:28PM +0100, Laszlo Attila Toth wrote: >> Interface group values can be checked on both input and output interfaces >> with optional mask. > >> Index: extensions/libxt_ifgroup.c >> =================================================================== >> --- extensions/libxt_ifgroup.c (revision 0) >> +++ extensions/libxt_ifgroup.c (revision 0) > >> + info->in_group = strtoul(optarg, &end, 0); > > This is somewhat inconsistent with the iproute patch which targets > specific groups (with names). > Should iptables be allowed to read "/etc/iproute2/rt_ifgroup"? It would be good but cannot be used if a mask is set and only values less than 256 can be used with names. > There is no standard API like getservbyname()... The code of iproute2 should be copied. If Patrick says it is ok, I'll write this part. > > I do have a draft patch for physdev which is however against > iptables-1.3.8 and linux-2.6.19 so it will need some more work > but I will attach it for discussion. Thanks. I will send soon for net-2.6.25 and iptables svn version. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists