| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Dec 2013 16:10:18 +0100 From: Valentina Giusti <valentina.giusti@...-carit.de> To: Florian Westphal <fw@...len.de> CC: <netfilter-devel@...r.kernel.org>, <netdev@...r.kernel.org>, <jpa@...gle.com>, <pablo@...filter.org>, <daniel.wagner@...-carit.de> Subject: Re: [PATCH v3 1/2] netfilter_queue: enable UID/GID socket info retrieval On 12/20/2013 04:03 PM, Florian Westphal wrote: > Valentina Giusti <valentina.giusti@...-carit.de> wrote: >>> I think this should be 'return 0'? >> I put return -1 because I think that if userspace has requested to >> receive UID and GID, then it should be dumped only packets that have >> that information available. >> Are you suggesting that it should be otherwise? > > Yes, doing that doesn't make sense to me. > And it is inconsitent: > Packets without socket information are queued normally > in your patch, but suddently if its a timewait socket > its an error? > > Why would we want timewait packets to NOT be queued? > vs. for example forwarded packets? > > Userspace can test for presence of the attributes, i.e. > no NFQA_UID attribute -> no socket present, or lack of uid > information. > > If you have a counter-example? > Sorry no, I think you are right, thanks for the explanation. Should I resend the patch or is it a change small enough that can be done when applied? Unless there are still other comments, ofc. Thanks, - Val -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists