Date: Sun, 16 Dec 2012 19:59:22 +0100 (CET)
From: Jan Engelhardt <jengelh@...i.de>
To: Jamal Hadi Salim <jhs@...atatu.com>
cc: Pablo Neira Ayuso <pablo@...filter.org>, Yury Stankevich <urykhy@...il.com>, shemonc@...il.com, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org
Subject: Re: tc ipt action

On Sunday 2012-12-16 18:47, Jamal Hadi Salim wrote:
>
>> old parse has not entered any deprecation stage yet, since there are still
>> plugins out there (both the 5 and external ones) that make use of it.
>> Right now, both parse and x6_parse are valid.
>
> True - but we are getting broken because we are using a call that only 5 or so
> users provide. It would have saved us time if we got the
> a good log message instead of checking for if !m->parse()

A certainly safe bet would be to write, at the top of tc/m_xt.c,

    #if XTABLES_VERSION_CODE > 9
    #	error Someone call the guy who changed iptables and \
    	make him fix it^W^W^W^W say you need help.
    #endif

Then I would automatically notify myself of "oh I need fix that too"
when I feed any new releases of {iptables, iproute} through the
Open Build Service.

>> Yes, all those with an x6_ prefix are new.
>> Mh, I already dream of plans reducing m_xt to something that
>> does not require libxtables.so anymore.
>
> That would be nice - but someone is going to have to link to libxtables, no?

I hope the complete opposite. The following is a rough, it-compiles,
untested never-run, draft of a module. The vision here is that
userspace only ever sends a chain name to the kernel.

The git tree/branch for it is

    git://git.inai.de/linux xt2-pktsched

commit 42c559c148cbbc22bf2cc29f2ad08bc330891838
    net_sched: act: new action to call into Xtables2 chains

 include/net/netfilter/xt_core.h    |    8 ++
 include/uapi/linux/tc_act/tc_ipt.h |    2 +
 net/netfilter/xt_core.c            |    3 +-
 net/sched/Kconfig                  |    9 ++
 net/sched/Makefile                 |    1 +
 net/sched/act_xtables.c            |  238 ++++++++++++++++++++++++++++++++++++
 6 files changed, 260 insertions(+), 1 deletion(-)