Message-ID: <1459261895.6473.176.camel@edumazet-glaptop3.roam.corp.google.com>
Date:	Tue, 29 Mar 2016 07:31:35 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Gilberto Bertin <gilberto.bertin@...il.com>
Cc:	netdev@...r.kernel.org, tom@...bertland.com, markzzzsmith@...il.com
Subject: Re: [net-next RFC 0/4] SO_BINDTOPREFIX

On Wed, 2016-03-23 at 02:26 +0000, Gilberto Bertin wrote:
> Since the net-next window just opened, I'm resubmitting my RFC for the
> SO_BINDTOSUBNET patch, following Mark Smith's suggestion to rename the
> whole thing to a more clear SO_BINDTOPREFIX.

Please do not add such a monolithic option.

BPF is absolutely the way to go here, as it allows for whatever
user-specified tweaks, like a list of destination subnetworks, or/and a
list of source networks, or the date/time of the day, or port knocking
without netfilter, or ... you name it.

Simply add an option to load a BPF filter on a socket, used to vary the
various compute_score() functions.

No hard coded knowledge in the kernel, but a generic interface.

