| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPhsuW6-mdSLFDUdGL1eh2n2Wx32GDsvjCSSyv1dxom1g=uUow@mail.gmail.com>
Date: Fri, 4 Oct 2019 10:53:22 -0700
From: Song Liu <liu.song.a23@...il.com>
To: Stanislav Fomichev <sdf@...gle.com>
Cc: Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Petar Penkov <ppenkov@...gle.com>
Subject: Re: [PATCH bpf-next v2 1/2] bpf/flow_dissector: add mode to enforce
global BPF flow dissector
On Fri, Oct 4, 2019 at 8:58 AM Stanislav Fomichev <sdf@...gle.com> wrote:
>
> Always use init_net flow dissector BPF program if it's attached and fall
> back to the per-net namespace one. Also, deny installing new programs if
> there is already one attached to the root namespace.
> Users can still detach their BPF programs, but can't attach any
> new ones (-EEXIST).
>
> Cc: Petar Penkov <ppenkov@...gle.com>
> Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
Acked-by: Song Liu <songliubraving@...com>
Powered by blists - more mailing lists