| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E569571.1080603@monom.org> Date: Thu, 25 Aug 2011 20:33:21 +0200 From: Daniel Wagner <wagi@...om.org> To: Stephen Hemminger <shemminger@...tta.com> CC: Chris Friesen <chris.friesen@...band.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, Glauber Costa <glommer@...allels.com>, Linux Containers <containers@...ts.osdl.org>, netdev@...r.kernel.org, David Miller <davem@...emloft.net>, Pavel Emelyanov <xemul@...allels.com> Subject: Re: [RFC] per-containers tcp buffer limitation Hi Stephen, On 08/25/2011 05:44 PM, Stephen Hemminger wrote: > What about using netfilter (with extensions)? We already have iptables > module to match on uid or gid. It wouldn't be hard to extend this to > other bits of meta data like originating and target containers. >From reading the man pages the "owner" extension of netfilter would only allow to match on outgoing traffic. Would it be possible to extend this to also match on incoming traffic? Sorry to be completely ignorant here. thanks, daniel -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists