| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110819152415.00e1c795@nehalam.ftrdhcpuser.net> Date: Fri, 19 Aug 2011 15:24:15 -0700 From: Stephen Hemminger <shemminger@...tta.com> To: "Christian Benvenuti (benve)" <benve@...co.com> Cc: "David Lamparter" <equinox@...c24.net>, "Nick Carter" <ncarter100@...il.com>, "Ed Swierk" <eswierk@...switch.com>, <netdev@...r.kernel.org>, <bridge@...ux-foundation.org>, <netfilter-devel@...r.kernel.org> Subject: Re: [RFC] bridge: add netfilter hook for forwarding 802.1D group addresses On Fri, 19 Aug 2011 17:18:04 -0500 "Christian Benvenuti (benve)" <benve@...co.com> wrote: > The patch description and the code are clearly saying that STP is > an exception, but I am just worried about the users. > Maybe a proper description in the iptables help is sufficient. > > Users may otherwise try to use this new hook for STP too > (for example to generate logs or produce statistics/counters > or divert STP traffic to userspace, etc). STP traffic already goes to userspace. And gets processed by the LOCAL_IN chain. So I don't think it is needed. > Out of curiosity, ... if this gets accepted, shouldn't you provide > NF_BR_LINK_LOCAL_OUT too? > Or maybe you should call it NF_BR_LINK_LOCAL_FWD instead of > NF_BR_LINK_LOCAL_IN? Thanks, that is a better name, I'll change it in next version. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists