lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <ifgroup-20071129-165736-1196351856-panther@balabit.hu>
Date:	Thu, 29 Nov 2007 17:11:41 +0100
From:	Laszlo Attila Toth <panther@...abit.hu>
To:	David Miller <davem@...emloft.net>
Cc:	Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org,
	Laszlo Attila Toth <panther@...abit.hu>
Subject: [PATCHv7 0/5 + 3] Interface group patches

Hello,

This is the 7th version of our interface group patches.

The interface group value can be used to manage different interfaces
at the same time such as in netfilter/iptables. 

As earlier discussed, it can be used for advanced routing, tc command
and so on [1].

An u_int32_t member was added to net devices indicating the interface
group number of the device which can be get/set via netlink.

The xt_ifgroup netfilter match is for checking this value with an
optional mask.

Changes:
  -  The first patch of the previous version splitted into 2 separate
  patches.

  - The ip command now let values larger than 0xff be set, octal, decimal
  and hexadecimal values are valid and in the range of 0x00-0xff any
  name can be used (from /etc/iproute2/rt_ifgroup).

  - added sysfs support to read/write the ifgroup value


Other patches are for userpace programs:
 * iptables

 * iproute2. Because kernel 2.6.24-rc1 introduced a new enum value,
   IFLA_NET_NS_PID, and it wasn't in the iproute2 code, the first
   patch simply adds this value. The second patch adds support of
   interface group.

Usage:
 ip link set eth0 group 684    # set
 ip link set eth0 group 0      # unset
 iptables -A INPUT -m ifgroup --ifgroup-in 4/0xf -j ACCEPT
 iptables -A FORWARD -m ifgroup --ifgroup-in 4  ! --ifgroup-out 5 -j DROP

Patches:
 [1/5] Remove unnecessary locks from rtnetlink (in do_setlink)
 [2/5] rtnetlink: send a single notification on device state changes
 [3/5] Interface group: core (netlink) part
 [4/5] Ifgroup read/write support in sysfs
 [5/5] Netfilter Interface group match
 [iptables]Interface group match
 [iproute2 1/2] Added IFLA_NET_NS_PID as in kernel v2.6.24-rc1
 [iproute2 2/2] Interface group as new ip link option



Rererences:
 [1] http://marc.info/?l=linux-netdev&m=119556459514598&w=2
--
Laszlo Attila Toth
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ