lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <412e6f7f0911110044i22c28ab6pa3a3691c014e76a8@mail.gmail.com> Date: Wed, 11 Nov 2009 16:44:48 +0800 From: Changli Gao <xiaosuo@...il.com> To: hadi@...erus.ca Cc: Stephen Hemminger <shemminger@...tta.com>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH] act_mirred: don't go back. On Wed, Nov 11, 2009 at 4:11 PM, jamal <hadi@...erus.ca> wrote: > Hi, > > On Tue, 2009-11-10 at 16:50 +0800, Changli Gao wrote: > >> Where? After skb2 is allocated, there won't be any failure any more. > > > Sorry, yes, your change does look like an improvement. > If you can test a little more - please add my sign-off and submit. OK. I'll do some test first, then send it out for review. > >> >> It's just OK. When using tc, I also found act_mirred doesn't support >> ingress, then I realized that there isn't any difference between >> ingress and egress, as it depends on its parent. However I do think it >> is confused, when it prints: >> filter parent ffff: protocol ip pref 49152 basic handle 0x1 >> action order 1: mirred (Egress Redirect to device ifb0) stolen >> index 5 ref 1 bind 1. >> And the TODO note still is in the source code of act_mirred, it do >> make me wonder for a while! > > Well, you know if you have the energy - doing socket redirect would > be very interesting indeed. Ingress is another beast, it requires some > thinking and a lot more testing depending on the devices because of > possible loops. > The current kernel and iproute2 support ingress in another way, that is attaching the filter to the corresponding ingress qdisc. refter to http://www.linuxfoundation.org/en/Net:IFB . The loops is avoided in netif_receive_skb() and with TTL mechanism. Do you have more documentation or examples about socket redirect? Sorry, I don't know what it is used to do. Is it sth. like ipt_REDIRECT? -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists