| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.01.1007191841500.19191@obet.zrqbmnf.qr> Date: Mon, 19 Jul 2010 18:44:33 +0200 (CEST) From: Jan Engelhardt <jengelh@...ozas.de> To: "Gerd v. Egidy" <lists@...dy.de> cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: Are concurrent calls to tc action ipt safe? On Monday 2010-07-19 16:23, Gerd v. Egidy wrote: >AFAIK, current iptables has a short race condition when two rules within the >same table are changed at once. > >E.g. when two users simultaneously call something like this >iptables -t filter -A INPUT -s 192.168.1.1 -j MARK --set-mark 1 >and >iptables -t filter -A INPUT -s 192.168.1.2 -j MARK --set-mark 2 >one of these entries can get lost. There are many serialization techniques possible to serialize iptables execution. >tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 \ >match ip src 192.168.1.1 \ >action ipt -j MARK --set-mark 1 > >Since this call uses the xtables targets I'm currently not sure if the same >problem regarding concurrent changes exists or not. Can anyone tell me if >concurrent calls like this are safe? This target invocation is not in any table, thus there is no race condition. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists