| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4AEB13A3.50402@trash.net> Date: Fri, 30 Oct 2009 17:26:11 +0100 From: Patrick McHardy <kaber@...sh.net> To: Eric Dumazet <eric.dumazet@...il.com> CC: Herbert Xu <herbert@...dor.apana.org.au>, Adayadil Thomas <adayadil.thomas@...il.com>, netdev@...r.kernel.org Subject: Re: Connection tracking and vlan Eric Dumazet wrote: > Herbert Xu a écrit : >> Adayadil Thomas <adayadil.thomas@...il.com> wrote: >>> If two connections have same 5 tuple, src ip, dst ip, src port, dst >>> port, protocol(tcp/udp) >>> but on different vlans (different vlan id), does the conntrack separate these ? >> Probably not. Patrick, can you confirm this? Yes, you are right. > Very strange, this question about vlan looks like discussion we had > yesterday (or the day before...) about interfaces (versus packet defragmentation) Indeed, we did have that discussion a couple of years ago. IIRC Rusty also suggested to add the interface to the defragmentation key to avoid having fragments from different interfaces being reassembled since iptables interface matches will only match on the interface of the first fragment. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists