Date: Wed, 30 Apr 2014 13:36:02 +0900
From: Lorenzo Colitti <lorenzo@...gle.com>
To: David Newall <davidn@...idnewall.com>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
 Hannes Frederic Sowa <hannes@...essinduktion.org>,
 David Miller <davem@...emloft.net>, JP Abgrall <jpa@...gle.com>
Subject: Re: [RFC net-next 0/4] Support UID range routing.

On Mon, Apr 28, 2014 at 11:38 PM, Lorenzo Colitti <lorenzo@...gle.com> wrote:
> The user ID could identify a service (e.g., mail vs. web), different
> users/customers on a shared server / machine, different users /
> applications on a mobile device, etc.

Example real-world use case: the Android VPN framework currently uses
iptables owner matching to mark packets, fwmark routing, and masquerade to
send traffic on the correct VPN for the user (Android tablets are multi-user
devices). The use of NAT forces the system to use MSS rewriting instead of
PMTUD and makes it impossible for the app to know its real IP address and
port, breaking apps like SIP clients (in addition to requiring conntrack to
keep state for locally-originated connections).

Per-UID routing would solve all these problems in a much cleaner way.