lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20121203235216.GA11723@1984>
Date:	Tue, 4 Dec 2012 00:52:16 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Jan Engelhardt <jengelh@...i.de>
Cc:	Dries De Winter <dries.dewinter@...il.com>,
	David Miller <davem@...emloft.net>, kaber@...sh.net,
	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: [PATCH] net: ICMPv6 packets transmitted on wrong interface if
 nfmark is mangled

On Tue, Dec 04, 2012 at 12:38:25AM +0100, Jan Engelhardt wrote:
> 
> On Monday 2012-12-03 22:31, Dries De Winter wrote:
> >
> >Not fixing this means that skb->mark is unavailable for use on ICMPv6
> >packets because it will inevitably put those packets on the wrong
> >interface. [...]
> >
> >I use skb->mark for QoS, not for routing so I don't expect
> >the outgoing interface to be affected by my markers.
> 
> Why would it do that, if one has no routes joined to a fwmark NNN
> routing rule?

iptables_mangle assumes that ip_route_me_harder needs to be called if
the mark has changed.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ