| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Aug 2014 12:52:01 -0700 (PDT) From: David Miller <davem@...emloft.net> To: jiri@...nulli.us Cc: netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, stephen@...workplumber.org, cwang@...pensource.com, pshelar@...ira.com, nicolas.dichtel@...nd.com, therbert@...gle.com, dborkman@...hat.com, edumazet@...gle.com Subject: Re: [patch net-next 1/3] net: propagate sock pointer through netfilter hooks From: Jiri Pirko <jiri@...nulli.us> Date: Mon, 25 Aug 2014 21:29:26 +0200 > Mon, Aug 25, 2014 at 08:51:03PM CEST, davem@...emloft.net wrote: >>From: Jiri Pirko <jiri@...nulli.us> >>Date: Mon, 25 Aug 2014 16:05:10 +0200 >> >>> Dave, I see that the patchset is in state "Changes requested". I do not >>> think I understand what is needed to be done at this point. Would you >>> please tell me? Thanks. >> >>I said there is too much churn so I want an alternative approach >>considered. >> >>Also want you to fix the ipv6 fragmentation error too. > > > Hmm. When skb->x adding is no-go and propagating sk through nf hooks is > no go, I really do not see the way to fix this... I might be missing > something though... Change the order of operations so that sk can be evaluated and tested earlier in the code paths, before the NF_HOOK executes. Or only store the boolean result of the test in the sk_buff. Please, try to be creative, do not just see black and white. :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists