| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 May 2017 13:39:27 -0700 From: Morgan Yang <morgan.yang1982@...il.com> To: Cong Wang <xiyou.wangcong@...il.com> Cc: Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: Advice on user space application integration with tc I tried on both stock CentOS 7.3 and Ubuntu 16.04 and tc-skbmod was not support (I built tc from the latest versions of iproute2). For tc-pedit, examples from man tc-pedit such as "pedit ex munge" were not supported, but "pedit munge offset" is. On Mon, May 15, 2017 at 1:14 PM, Cong Wang <xiyou.wangcong@...il.com> wrote: > On Thu, May 11, 2017 at 1:45 PM, Morgan Yang <morgan.yang1982@...il.com> wrote: >> Hi All: >> >> I want to build a solution that leverages the filtering and actions of >> tc in kernel space, but have the ability to hook to a userspace >> application that can additional packet processing (such as payload >> masking). I'm curious what are the best ways to go about doing that? I >> have been looking into tc-skbmod and tc-pedit, but as good as they >> are, they would require newer kernels. I have also tried using tc to >> mirror filterd packets to a dummy or tap interface, and have the >> userspace application pick up there, but the performance has been >> supar. I'm hoping to have a solution that avoids the extra mirroring. > > > act pedit exists for a rather long time, I don't think you need a new > kernel to use it, unless of course you have a different definition of > "new kernel". ;)
Powered by blists - more mailing lists