From: jamal <hadi@cyberus.ca>
To: David Miller <davem@davemloft.net>
Cc: hidden@sch.bme.hu, kaber@trash.net, hidden@balabit.hu,
aschultz@warp10.net, tproxy@lists.balabit.hu,
netdev@vger.kernel.org
Subject: Re: [tproxy,regression] tproxy broken in 2.6.32
Date: Sat, 28 Nov 2009 17:20:15 -0500 [thread overview]
Message-ID: <1259446815.3864.97.camel@bigi> (raw)
In-Reply-To: <20091128.132158.34557470.davem@davemloft.net>
On Sat, 2009-11-28 at 13:21 -0800, David Miller wrote:
> What matters is that this worked for years and we broke it.
But Tproxy just went in.
> There is no other valid discussion about this.
Surely we can have a valid technical discussion, no?
I would like to hear from Krisztian his reasoning for using LOCAL
routes. There may be good reasons.
> The only thing to "pick" right now is whether we revert the
> thing completely or add a sysctl and default it to off.
>
> I prefer the former because nobody is going to turn the thing
> on, especially not distributions, and that's %99.9999 of users.
There is nothing to sysctl control.
IMO, what is at stake here is the check:
-----
if (res.type != RTN_UNICAST)
goto e_inval_res;
----
There are several ways to resolve that:
a) either we say RTN_LOCAL is also legit if some
skb->transparent is set. IMO it is not worth it.
b) have the routing table (as programmed by the user) return
RTN_UNICAST
c)do the approach Krisztian talked about - which is also
user space controlled.
cheers,
jamal
next prev parent reply other threads:[~2009-11-28 22:20 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <db81a9a20911230443h443b3c2l8fab5aef7b09cfa@mail.gmail.com>
[not found] ` <1259137434.9191.3.camel@nienna.balabit>
2009-11-26 17:19 ` [tproxy,regression] tproxy broken in 2.6.32 Andreas Schultz
2009-11-27 8:26 ` KOVACS Krisztian
2009-11-27 9:11 ` Andreas Schultz
2009-11-27 16:05 ` jamal
2009-11-28 15:15 ` KOVACS Krisztian
2009-11-28 15:45 ` jamal
2009-11-28 18:50 ` KOVACS Krisztian
2009-11-28 19:26 ` jamal
2009-11-28 15:46 ` Patrick McHardy
2009-11-28 16:04 ` jamal
2009-11-28 17:07 ` Patrick McHardy
2009-11-28 17:36 ` jamal
2009-11-28 19:05 ` KOVACS Krisztian
2009-11-28 19:44 ` jamal
2009-11-28 21:21 ` David Miller
2009-11-28 22:20 ` jamal [this message]
2009-11-29 20:35 ` KOVACS Krisztian
2009-11-30 12:15 ` jamal
2009-11-30 12:45 ` KOVACS Krisztian
2009-11-30 13:59 ` jamal
2009-12-01 13:34 ` jamal
2009-12-03 6:31 ` David Miller
2009-12-03 13:53 ` jamal
2009-12-03 13:55 ` Patrick McHardy
2009-12-03 14:07 ` KOVACS Krisztian
2009-12-03 14:29 ` jamal
2009-12-13 16:52 ` [PATCH] net: restore ip source validation WAS(Re: " jamal
2009-12-13 18:12 ` Julian Anastasov
2009-12-13 18:38 ` jamal
2009-12-13 19:11 ` jamal
2009-12-13 19:15 ` jamal
2009-12-14 3:10 ` David Miller
2009-12-14 10:19 ` jamal
2009-12-26 1:30 ` David Miller
2009-12-26 15:05 ` jamal
2009-12-26 21:45 ` David Miller
2009-11-30 20:17 ` David Miller
2009-11-28 21:22 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1259446815.3864.97.camel@bigi \
--to=hadi@cyberus.ca \
--cc=aschultz@warp10.net \
--cc=davem@davemloft.net \
--cc=hidden@balabit.hu \
--cc=hidden@sch.bme.hu \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=tproxy@lists.balabit.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.