Date:	Mon, 03 Sep 2012 23:15:57 +0200
From:	Jesper Dangaard Brouer <brouer@...hat.com>
To:	"Patrick McHardy" <kaber@...sh.net>,
	Hans Schillstrom <hans@...illstrom.com>,
	Hans Schillstrom <hans.schillstrom@...csson.com>
Cc:	Jesper Dangaard Brouer <brouer@...hat.com>, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org,
	Pablo Neira Ayuso <pablo@...filter.org>
Subject: [RFC PATCH 0/2] RFC: Caching IPv6 exthdr in skb->cb[]

Hi Patrick and Hans,

This is my follow-up to:
  [PATCH 2/3] ipvs: Fix faulty IPv6 extension header handling in IPVS

Where you proposed improving the overall architecture of IPv6
extension header parsing not only for IPVS but for other related
Netfilter subsystems as well.

We discussed using/extending inet6_skb_parm/IP6CB.  There was not
enough room for extending inet6_skb_parm directly, so I have
introduced a struct inet6_skb_exthdr_cache/IP6CB_EXTHDR, which extends
IP6CB.

The question is if this approach will work.  Can netfilter be allowed
to modify data after inet6_skb_parm/IP6CB, given all the different
HOOKs?

If we find this is a valid approach, then I'll update the IPVS patches
to also use this.

This patchset is based upon:
 Patrick's tree:  git://github.com/kaber/nf-next-ipv6-nat.git

---

Jesper Dangaard Brouer (2):
      netfilter: More users of ipv6_find_hdr_cb()
      net: Cache IPv6 extension header "skip" parsing


 include/linux/ipv6.h                      |   15 +++++++++++
 include/linux/netfilter_ipv6/ip6_tables.h |   40 +++++++++++++++++++++++++++++
 net/ipv6/netfilter/ip6_tables.c           |    2 +
 net/netfilter/xt_TPROXY.c                 |    2 +
 net/netfilter/xt_socket.c                 |    2 +
 5 files changed, 58 insertions(+), 3 deletions(-)


--
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Sr. Network Kernel Developer at Red Hat
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer