lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49F061F2.9000005@trash.net>
Date:	Thu, 23 Apr 2009 14:41:22 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Salatiel Filho <salatiel.filho@...il.com>
CC:	Jan Engelhardt <jengelh@...ozas.de>,
	Jarek Poplawski <jarkao2@...il.com>,
	"Y. D." <duyuyang@...il.com>, netdev <netdev@...r.kernel.org>,
	netfilter-devel <netfilter-devel@...r.kernel.org>
Subject: Re: IMQ bug: kernel reboot immediately

Salatiel Filho wrote:
> On Thu, Apr 23, 2009 at 08:22, Patrick McHardy <kaber@...sh.net> wrote:
>> Salatiel Filho wrote:
>>> Using imq i can shape upload on ppp0 [postrouting] while still having
>>> the internal private ips from the hosts, and i can shape download in
>>> ppp0 [prerouting] after get the correct nat'ed addresses.
>>>
>>> Is there a way to achieve this in IFB ? in a simple way ... :)
>> Currently not, the conntrack association is done at a later point.
>> We could add a classifier or TC action that performs the lookup
>> during ingress classification.
>>
>> Alternatively classifiers using conntrack information (like cls_flow)
>> could perform the lookup directly, but that would probably get a bit
>> ugly since some validation needs to be performed previously and it
>> would add a module dependency on conntrack.
>>
>>
> Using this actions would make  sfq hashing by dest ip or source ip
> work just like it works in imq ?

Not with the SFQ default hash since it classifies based on the
addresses in the IP header. But you could use the flow classifier,
which can use the addresses from the conntrack entry. This would
behave similar to IMQ+SFQ.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ