Date: Fri, 4 Apr 2014 17:27:34 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: David Miller <davem@...emloft.net>
Cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, kaber@...sh.net
Subject: Re: [PATCH RFC 0/9] socket filtering using nf_tables

On Fri, Apr 04, 2014 at 11:24:32AM -0400, David Miller wrote:
> From: Pablo Neira Ayuso <pablo@...filter.org>
> Date: Tue, 11 Mar 2014 10:19:11 +0100
>
> > The following patchset provides a socket filtering alternative to BPF
> > which allows you to define your filter using the nf_tables expressions.
>
> Generally I like this series, but of course you will need to respin
> it against the work that went into net-next recently.

Sure, no problem.

> I only wonder about the expression implementation module loading
> logic when we add an nft filter to a socket.

Yes, that needs to be revisited, some people already raised concerns on
that.

> It seems that if the module doesn't exist, we return -EAGAIN, drop the
> mutex, and retry. I see nothing which breaks this loop, it seems like
> it can run forever if a module is simply not present.

Will recheck this as well.

Thanks for the feedback.