lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 03 Sep 2012 23:15:57 +0200 From: Jesper Dangaard Brouer <brouer@...hat.com> To: "Patrick McHardy" <kaber@...sh.net>, Hans Schillstrom <hans@...illstrom.com>, Hans Schillstrom <hans.schillstrom@...csson.com> Cc: Jesper Dangaard Brouer <brouer@...hat.com>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, Pablo Neira Ayuso <pablo@...filter.org> Subject: [RFC PATCH 0/2] RFC: Caching IPv6 exthdr in skb->cb[] Hi Patrick and Hans, This is my followup to: [PATCH 2/3] ipvs: Fix faulty IPv6 extension header handling in IPVS Where you proposed improving the overall architecture of IPv6 extension header parsing not only for IPVS but for other related Netfilter subsystems as well. We discussed using/extending inet6_skb_parm/IP6CB. There was not enough room for extending inet6_skb_parm directly, so I have introduced a struct inet6_skb_exthdr_cache/IP6CB_EXTHDR, which extend IP6CB. The question is if this approach will work. Can netfilter be allowed to modify data after inet6_skb_parm/IP6CB, given all the different HOOKs ? If we find this is a valid approach, then I'll update the IPVS patches to also use this. This patchset is based upon: Patrick's tree: git://github.com/kaber/nf-next-ipv6-nat.git --- Jesper Dangaard Brouer (2): netfilter: More users of ipv6_find_hdr_cb() net: Cache IPv6 extension header "skip" parsing include/linux/ipv6.h | 15 +++++++++++ include/linux/netfilter_ipv6/ip6_tables.h | 40 +++++++++++++++++++++++++++++ net/ipv6/netfilter/ip6_tables.c | 2 + net/netfilter/xt_TPROXY.c | 2 + net/netfilter/xt_socket.c | 2 + 5 files changed, 58 insertions(+), 3 deletions(-) -- Best regards, Jesper Dangaard Brouer MSc.CS, Sr. Network Kernel Developer at Red Hat Author of http://www.iptv-analyzer.org LinkedIn: http://www.linkedin.com/in/brouer -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists