lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKD1Yr2J-UgU+Ycu4pf3L51-1tN1fnxQxDo8fLj+9yb4jQuGZg@mail.gmail.com>
Date:	Wed, 30 Apr 2014 13:36:02 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	David Newall <davidn@...idnewall.com>
Cc:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	David Miller <davem@...emloft.net>, JP Abgrall <jpa@...gle.com>
Subject: Re: [RFC net-next 0/4] Support UID range routing.

On Mon, Apr 28, 2014 at 11:38 PM, Lorenzo Colitti <lorenzo@...gle.com> wrote:
> The user ID could identify a service (e.g., mail vs. web), different
> users/customers on the a shared server / machine, different users /
> applications on a mobile device, etc.

Example real-world use case: the Android VPN framework currently uses
iptables owner matching to mark packets, fwmark routing, and
masquerade to send traffic on the correct VPN for the user (Android
tablets are multi-user devices).

The use of NAT forces the system to use MSS rewriting instead of PMTUD
and makes it impossible for the app to know its real IP address and
port, breaking apps like SIP clients (in addition to requiring
conntrack to keep state locally-originated connections). Per-UID
routing would solve all these problems in a much cleaner way.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ