| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080729183128.GA2556@ami.dom.local> Date: Tue, 29 Jul 2008 20:31:28 +0200 From: Jarek Poplawski <jarkao2@...il.com> To: Denys Fedoryshchenko <denys@...p.net.lb> Cc: netdev@...r.kernel.org Subject: Re: incoming interface + ifb0 On Tue, Jul 29, 2008 at 04:26:36PM +0300, Denys Fedoryshchenko wrote: > On Tuesday 29 July 2008, Jarek Poplawski wrote: > > > I didn't use this nor checked enough, so I can be wrong, but > > since ingress with ifb0 is in prerouting, you probably can't use > > rt_iif. You shouldn't filter at ifb on "dev" neither - it's "ifb" > > at the moment. You need to match skb->iif with something (flow?). > Yes > I want to create on outgoing device or ifb(preffered) - tree of flows. > Cause each interface = customer - i need to classify customers by flows. > > Since customer can have multiple/spoofed ip's - i cannot filter by ip for now. > So iif only my choice seems. > > Maybe if i do redirect on outgoing to ifb on outgoing device it will work? I doubt you can do something like this - or I miss something. IMHO, you could try with this flow filter on ifb as a replacement for ipt + fw. Otherwise, if you can schedule on outgoing devs, you can use e.g. cls_route. On the other hand ppp usually enables controlling of clients, so maybe you should better try to use this more. Jarek P. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists