lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 02 Oct 2008 11:12:08 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Alexey Dobriyan <adobriyan@...il.com>
CC:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	containers@...ts.linux-foundation.org
Subject: Re: [PATCH 33/33] Enable netfilter in netns

Alexey Dobriyan wrote:
> >From kernel perspective, allow entrance in nf_hook_slow().
>
> Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not netns-ready:
>
> 	DECnet netfilter
> 	ipt_CLUSTERIP
> 	nf_nat_standalone.c together with XFRM (?)
> 	IPVS
> 	several individual match modules (like hashlimit)
> 	ctnetlink
> 	NOTRACK
> 	all sorts of queueing and reporting to userspace
> 	L3 and L4 protocol sysctls, bridge sysctls
> 	probably something else
>
> Anyway critical mass has been achieved, there is no reason to hide netfilter any longer.
>
> >From userspace perspective, allow to manipulate all sorts of                                                                                                                                                                                   
> iptables/ip6tables/arptables rules.
>   

Applied. thanks Alexey.

Is there an easy way to test all this stuff?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ